Computer World Services Corp (CWS) is seeking an exceptional candidate to serve as the Systems Security Lead for the NIH/National Institute of Environmental Health Sciences (NIEHS), IT Infrastructure Program. NIEHS requires support for proactive and effective project management, efficient administration of the Data Center, successful operations and maintenance of servers, applications and networks, and prompt and efficient service desk support.
The System Security Lead will be responsible for overseeing the security operations and ensuring the protection of the organization's information systems. This role requires in-depth knowledge and experience in information security, compliance with federal guidelines, and the ability to lead security initiatives. The ideal candidate will have a strong technical background, excellent leadership skills, and a commitment to maintaining the confidentiality, integrity, and availability of information systems. This role involves working in a collaborative environment with various teams to ensure the security and resilience of federal information systems. The Systems Security Lead will be the central point of collaboration for monitoring, assessing, and defending against cyber threats.
Key Tasks and Responsibilities
Information Security Operations:
Manage day-to-day information security tasks including monitoring, detecting, investigating, and responding to cyber threats.
Develop and maintain a System Security Plan (SSP) as per NIST 800-53 framework.
Coordinate efforts to monitor, assess, and defend against cyberattacks.
Security Compliance and Reporting:
Ensure compliance with FISMA, NIST security guidelines, and other OMB mandates.
Periodically review logs, generate compliance audit reports, and update security policies and procedures.
Report all security incidents to the Information System Security Officer (ISSO) and Contracting Officer's Representative (COR).
Network Security Management:
Implement a network security management framework focusing on prevention, continuous monitoring, detection, containment, eradication, recovery, and follow-up.
Perform and monitor vulnerability scanning on IT systems and network infrastructure.
Administer firewall systems, IDS/IPS, log aggregation systems, web traffic filtering appliances, and file integrity monitoring applications.
Incident Response and Forensics:
Manage data forensics activities including retrieving information from computers and data storage devices.
Maintain the chain of custody for retrieved data, perform forensic investigations, and create forensic reports.
Investigate alerts from DLP agents and support the resolution of DLP rule problems.
Technical Documentation and Policy Development:
Author, edit, and maintain design documentation, standard operating procedures, and system configuration documentation.
Develop security policies, procedures, and detailed reports to support NIEHS/NIH/GAO audits and compliance requirements.
Assessment and Authorization (A&A):
Support the ongoing Assessment and Authorization (A&A) process to ensure FISMA compliance.
Develop strategies to integrate traditional C&A efforts into the System Development Lifecycle (SDLC) and the Information Security Continuous Monitoring (ISCM) program.
Provide support for the NIH Assessment and Authorization process and artifacts.
Education & General Experience
B.S. in Computer Science, Information Technology Management, or Engineering.
Alternatively, four years of related experience may substitute for the educational requirement.
Minimum 5 years of experience in analyzing information security systems and applications.
Experience with Federal Information Processing Standards (FIPS) and NIST Special Publications (800 series) on Computer Security.
Proficiency in vulnerability analysis, security evaluation and testing, certification and accreditation, and incident reporting and remediation.
Experience in leading application and system security initiatives and providing technical expertise in designing secure public-facing and internal-facing services and APIs.
Experience in authoring, editing, and maintaining design documentation, SOPs, and system configuration documentation.
Certifications
Certified Information Systems Security Professional (CISSP) or equivalent.
ITIL 4 (Preferred)
Security Clearance
Public Trust Moderate (Tier 2)
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
May require local travel to customer sites.
This position may require working outside of regular business hours, including nights, weekends, and holidays to support after-hour emergencies or surge support.
May require sitting/standing for extended periods and performing tasks involving bending, stooping, and reaching.
Potential continental US travel to other customer locations, if required.
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at