Job Department: Information Technology

Zero Trust is currently seeking a Senior Cybersecurity Compliance Analyst to join our team. The Senior Cybersecurity Compliance Analyst will support the day-to-day and project-based security activities, POA&M remediations, vulnerabilities impact, and remediation process for the on-premises and cloud environments.

 

The Senior Cybersecurity Compliance Analyst will use his/her expertise to effectively manage security compliance activities, security waivers, documentation by working and providing guidance to all the stakeholders.

 

PRIMARY RESPONSIBILITIES:

· Manage daily Cybersecurity compliance activities.

· Proactively Manage Cybersecurity projects and tasks.

· Take initiatives to identify compliance weaknesses and present reports to the management.

· Lead and mentor the NCATS CSS Cybersecurity compliance team.

· Must be familiar with Risk Management Framework (RMF), NIST 800-53 and other Government mandates.

· Lead NCATS Cybersecurity compliance efforts to follow the Risk Management Framework (RMF).

· Have a solid understanding of the ATO preparation and assessment process.

· Schedule and coordinate compliance activities, sessions, and meetings with the stakeholders.

· Provide security controls implementation guidance.

· Be able to effectively work with stakeholders to manage and close POA&Ms.

· Provide effective guidance to the stakeholders on secure baseline configurations.

· Manage compliance documentation in NIH GRC tools.

· Ensure on time delivery of task order deliverables for cybersecurity compliance.

· Manage work through tools such as NIH incident response (IRT) portal, Splunk, ServiceNow, Jira, Confluence etc.

· Provide guidance on ATO package preparations and security controls implementation.

· Establish communications with vendors for the release of newly identified vulnerabilities and to ensure they understand the specialized requirements of the client’s information systems.

· Develop daily, weekly, and annual NCATS security landscape metrics.

· Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities.

· Provide notification of potential threats by tracking vulnerabilities and exploits, propagation of worms and viruses.

· Monitor the progress of internal and external organizations to ensure operational requirements are fulfilled for audits and reviews.

 

BASIC QUALIFICATIONS:

· Bachelor’s degree in a relevant technical discipline and 4+ years of overall related experience. 5+ years of additional related years of experience is accepted in lieu of a degree.

· Experience working with NIST 800-xxx series guidance.

· Project management experience a must.

· Familiarity with different encryption types.

· Familiarity with Windows/Unix/Linux platforms.

· Familiarity with DevOps pipelines, code scanning, penetration testing etc.

· Proven experience with incident and change management systems such as ServiceNow and Jira.

· Well versed in Active Directory, Office 365 and other platforms.

· Experience in Threat and Vulnerability scanning and remediation methodologies.

· Familiarity with System Incident and Event Management (SIEM) and other logging and monitoring tools.

· Experience in Vulnerability management and threat management tools such as Tenable Nessus, Netsparker, McAfee suite, Palo Alto, Amazon inspector and Cloud Watch etc.

· Experience in a hybrid operations environment providing leadership specified reports based on information received from other system owners and operations team.

 

PREFERRED QUALIFICATIONS:

· BS or MS degree in computer science, computer engineering, information systems, privacy engineering or related field of study.

· CEH, Security Plus. Splunk Power User.

· Excellent communication and presentation skills and the ability to effectively communicate designs, proposals, and results; and negotiate options at management levels

· Proficient in developing briefing materials, administrative, and logistic support.

The Information Security Compliance Engineer will support the NCATS Cybersecurity Services (CSS) team in implementing the NIST 800-53 security controls and assist the infrastructure, platform and application teams with technical security support. Oversee the security posture of NCATS systems, inventory, and applications. Provide Risk Management Framework (RMF) support. Assist in the remediation of Plan of action and miles stones (POA&M) by. Provide analysis of day-to-day security activities, identify, and manage cyber risks, prepare remediation plans, be able to effectively draft compliance documentation. The Infosec Compliance Engineer will also use the expertise to manage security incident workflows and waivers. Provide strategic design guidance to all the stakeholders to translate security and business requirements into technical designs; configure and validate secure complex systems; and help test security products and systems to detect security weakness. 

 

PRIMARY RESPONSIBILITIES: 

• Manage daily Cybersecurity Operational activities.
• Proactively Manage Cybersecurity Operations projects and tasks and ensure on time delivery.
• Take initiatives to identify, analyze and remediate weaknesses and present reports to the management.
• Lead and mentor the NCATS CSS Cybersecurity Operations team.
• Must be able to represent NCATS CSS team and provide technical security guidance in troubleshooting calls.
• Must have hands on experience with firewalls, load balancers switches, routers, Windows and Linux/Unix servers.
• Must have expert understanding of TCP/IP and networking principles.
• Take the lead on securing NCATS system and applications through system hardening.
• Must be able to secure DevOps pipelines by providing technical security guidance and support to the application and infrastructure teams. 
• Lead the security operations in proactively managing threats, vulnerabilities and remediation efforts.
• Must be familiar with Risk Management Framework (RMF), NIST 800-53 and other Government mandates.
• Lead NCATS Cybersecurity ATO preparations efforts to follow the Risk Management Framework (RMF).
• Have a solid understanding of the ATO preparation and security controls implementation process.
• Lead ATO technical guidance efforts and help write documents such as System Security Plans (SSPs).
• Schedule and coordinate operational activities, sessions, and meetings with the stakeholders.
• Provide security controls implementation guidance. 
• Provide effective guidance to the stakeholders on secure baseline configurations.
• Manage work through tools such as NIH incident response (IRT) portal, Splunk, ServiceNow, Jira, Confluence etc.
• Establish communications with vendors for the release of newly identified vulnerabilities and to ensure they understand the specialized requirements of the client’s information systems.
• Develop daily, weekly, and annual NCATS security landscape metrics.
• Help the Vulnerability Management team to Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities. 
• Monitor the progress of internal and external organizations to ensure operational requirements are fulfilled for audits and reviews.

REQUIRED QUALIFICATIONS: 

• Must Have hands on Linux/Unix experience and know how secure the systems. 
• Understand how to implement security controls based on NIST 800-53. 
• Must be able to conduct and lead technical reviews and analysis with infrastructure and application teams.
• Must be able to troubleshoot security incidents and lead the other technical teams to resolve incidents as well as remediate the threats and concerns.
• Must be able to provide guidance on security control implementation and perform technical tasks when needed for Windows, Linux/Unix environments.
• Must be familiar with networking and other infrastructure components such as traffic flow, access management and Active Directory etc. 
• Be able to manage cyber risks by providing guidance to secure system designs, baseline configuration assistance and administer ATO preparation activities. 
• Be able to manage and administer the security tools and have hands on working experience with Tenable Nessus, Netsparker,  Trellix suite, Palo Alto, BigFix, Splunk, etc. and cloud-based equivalents. 
• Must have experience with DevOps security controls implementation.
• Must be familiar with GitHub, Docker and in general with the CI/CD pipeline security.
• Assist in security incident response efforts.  
• Work with other teams to integrate the NCATS Threat and Vulnerability Management processes with the patching cycles, baseline configurations and CIS benchmarks. 
• Must be familiar with database server architecture and be able to provide security support to the database team. 
• Must be familiar with Cloud environments and tools.   
• Must be familiar with Risk Management Framework (RMF) and Government mandates such as continuous diagnostic mitigation (CDM) and Binding operations directives (BODs) 
• Identify, analyze, and develop mitigation or remediation actions for POA&Ms 
• Assist with a reliable patch and compliance management mechanism for all on-premises and cloud systems. 
• Recommend, configure, and install advanced firewalls and centrally manage other security tools in multiple cloud environments. 

PREFERRED QUALIFICATIONS: 

• BS degree in computer science, computer engineering, information systems, privacy engineering or related field of study. 
• Bachelor’s degree in a relevant technical discipline and 4+ years of overall related IT security compliance experience. 5+ years of additional related years of experience is accepted in lieu of a degree.  
• Experience working with NIST 800-53 series guidance. 
• Familiarity with Windows/Unix/Linux platforms. 
• Familiarity with DevOps pipelines, code scanning, penetration testing etc. 
• Experience in security compliance documentations such as SARS[MB1] [IJ2] , Waivers, Contingency and Incident Response plans, etc. 

The Senior Vulnerability Management Analyst will support the analysis of software/hardware vulnerabilities, impact, and lead the remediation efforts for the on premise and cloud environments. 

The Senior Vulnerability Management Analyst will use their expertise to manage complete vulnerability management operations by working with and providing guidance to all the stakeholders. 

PRIMARY RESPONSIBILITIES: 

• Manage and run the threat and vulnerability management operation effectively and mentor the junior team members.
• Establish proactive threat and vulnerability monitoring, identification, assessment / analysis, validation, remediation, and reporting mechanism.
• Be able to manage and administer threat and vulnerability management tools and have hands on working experience with Tenable Nessus, Netsparker, Trellix suite, Palo Alto, BigFix, Splunk etc.
• Must be familiar with Government security mandates and requirements.
• Own the threat and vulnerability scanning schedules as well as management and communicate the results with the stakeholders to ensure timely mitigation.
• Work with other teams to integrate the threat and vulnerability management processes with the maintenance windows.  
• Establish communications with vendors for the release of newly identified vulnerabilities and to ensure they understand the specialized requirements of the client’s information systems.
• Compile daily, weekly, and annual vulnerability metrics associated with affected and non-affected products.
• Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities. 
• Prioritize identified vulnerabilities based upon severity, potential operational impact, and other factors for the client. Analyze issues affecting components with vendor provided fixes and contact the appropriate vendor for a defined and attainable solution. 
• Provide notification of potential threats by tracking vulnerabilities and exploits, propagation of worms and viruses as they migrate throughout the client environment and globally. 
• Monitor the progress of internal and external organizations to ensure operational requirements are fulfilled for audits and reviews.

BASIC QUALIFICATIONS: 

• Bachelor’s degree in a relevant technical discipline and 4+ years of overall related experience. 5+ years of additional related years of experience is accepted in lieu of a degree. 
• Demonstrated experience with incident management tools such as ServiceNow and Jira.
• Experience in threat and vulnerability scanning and remediation methodologies.
• Familiarity with System Incident and Event Management (SIEM) and other logging and monitoring tools.
• Experience in vulnerability management and threat management tools such as Tenable Nessus, Netsparker, McAfee suite, Palo Alto, Amazon inspector and Cloud Watch etc.
• Experience in a hybrid operations environment providing leadership specified reports based on information received from other system owners and operations team. 

PREFERRED QUALIFICATIONS: 

• BS or MS degree in computer science, computer engineering, information systems, privacy engineering or related field of study.
• Strong software development skills. 
• Excellent communication and presentation skills and the ability to effectively communicate designs, proposals, and results; and negotiate options at management levels
• Proficient in developing briefing materials, administrative, and logistic support.
• Advanced communications and presentation skills enabling precise conveyance of information across the organization with command.

• The pace of work at NCATS requires individuals to possess a good work ethic and be able to work independently as well as with a group.
• The successful candidate will have a BS with relevant experience; MS or PhD preferred.
• Desired skills include experience in compound management using automated liquid handlers such as Biomek i7, Biomek FX, Perkin Elmer Janus, and Tecan EVO is preferred
• Experience with acoustic dispensing instruments such as Beckman Echo 6XX series, Beckman Echo 525, or EDC Biosystems ATS-100 is preferred
• Candidate should have experience in preparation and handling of small molecules in powder or solution forms
• Experience with Agilent LC-MS and compound quality control is a plus
• A strong working knowledge of Microsoft Excel
• Previous experience working with SQL and Oracle databases as well as programming in C#, java, or python is preferred but not expected.
• NIH experience is preferred
• Experience with preparation and handling of proteins, gRNA or DNA Encoded libraries (DEL) is a plus 
   

Axle Informatics is a bioinformatics and information technology company that offers innovative computer services, informatics, and enterprise solutions to research centers and healthcare organizations around the globe. With experts in software engineering, bioinformatics and program management, we focus on developing and applying technology tools and techniques to empower decision-making and accelerate the discovery in translational research. We work with some of the top research organizations and facilities in the country including multiple institutes at the National Institutes of health (NIH).

 

Overall Position Summary and Objectives:

Applicants will assist with NCATS’s efforts to introduce new enabling technology to medicinal chemistry laboratories.  This will include carrying out work that mirrors traditional bench work of medicinal chemists and in parallel utilize new technologies to allow for comparison analysis. Applicants must be well trained in the methods and concepts of organic chemistry with experience in organic synthesis, including purification and analysis of reaction products. The applicant should be meticulous and precise when reducing workflows to practice with excellent understanding of fundamental chemical processes. The applicants will then help with elaborating and enumerating details of how best to use new techniques, technologies, and workflows as envisioned by the NCATS ASPIRE team.  Applicants should be enthusiastic to explore new technologies and have patient persistence to develop not-yet fully effective technologies and equipment.  Work location is Rockville MD.

 

Deliverables:

• Work products and documents related to designing, performing, troubleshooting, and optimizing chemical reaction conditions, workup, and purifications for reproducibility and practicality.
• Work products and documents related to producing research reports; conduct and write literature reviews; search chemical databases for journal articles, patents, and related technologies; publish and present relevant projects.
• Work products and documents related to coordinating projects being developed by external collaborators and monitoring their progress.

 

Statement of Work:

• Provides laboratory experience needed to assist in performing various chemical experiments and procedures.
• Utilizes and operates various complex laboratory machines and equipment.
• Maintains and calibrates instruments when required.
• Prepares test solutions, compounds, and reagents and maintains necessary laboratory supplies.
• Helps maintain organized inventory of chemicals.
• Assesses methods and procedures for use in experiments and makes modifications and improvements to resolve problems and meet specific needs.
• Maintains accurate, detailed records of experiments, and evaluates and interprets results for validity and scientific meaning.

Qualifications:

• Minimum master’s degree in chemistry or bachelor’s degree in chemistry with 3+ years of industrial experience.
• Experienced in organic chemical synthesis and can thus craft, optimize and execute chemical synthesis in the laboratory, analyze progress by TLC, HPLC and NMR analysis and is capable of independently analyzing data from such sources.
• Certifications & Licenses
  • B.S or M.S. in Organic Chemistry or a related discipline.
• Strong communication skills, both oral and written.
• Excellent analytical, organizational and time management skills.
• Familiarity with advanced laboratory workstations, instruments, or robotic equipment such as liquid handlers, or other programmatically controlled instrumentation.
• Familiarity with Windows and Mac operating systems and the programs ChemDraw, Power Point, Excel, Word, and other chemistry search engines such as SciFinder and/or Reaxys.

 Benefits

• 100% Medical, Dental, and Vision Coverage for Employees
• Educational Benefits for Career Growth
• Paid Time Off (including Holidays)
• Employee Referral Bonus
• 401k matching
• Flexible Spending Accounts:
  • Healthcare (FSA)
  • Parking Reimbursement Account (PRK)
  • Dependent Care Assistant Program (DCAP)
  • Transportation Reimbursement Account (TRN)

The diversity of Axle’s employees is a tremendous asset. We are firmly committed to providing equal opportunity in all aspects of employment and will not tolerate any illegal discrimination or harassment based age, race, gender, religion, national origin, disability, marital status, covered veteran status, sexual orientation, status with respect to public assistance, and other characteristics protected under state, federal, or local law and to deter those who aid, abet, or induce discrimination or coerce others to discriminate.

 

Accessibility: If you need an accommodation as part of the employment process please contact: 

                                              Email: careers@axleinfo.com

 

Disclaimer: The above description is meant to illustrate the general nature of work and level of effort being performed by individual’s assigned to this position or job description. This is not restricted as a complete list of all skills, responsibilities, duties, and/or assignments required. Individuals may be required to perform duties outside of their position, job description or responsibilities as needed.