Bachelor's degree in Computer Science, Cyber Security, or related field
10+ years of cybersecurity engineering or security architecture experience
Experience designing and implementing security controls in federal or regulated environments
Expertise with NIST RMF, NIST SP 800-53 controls, FISMA compliance, and security authorization/ATO processes
Requirements:
Lead security engineering and architecture activities and implement NIST 800-53 controls, aligning architectures with NIST SP 800-53, NIST SP 800-37, NIST SP 800-160, FISMA, and NIH security policies
Advise development teams on secure SDLC practices and integrate DevSecOps and security-by-design principles across the system development lifecycle for NCATS/NIH environments
Provide incident response support including triage, containment, analysis, escalation, remediation, forensics, and reporting; coordinate with NCATS IT and NIH Cyber Security Operations
Develop RMF artifacts (SSPs, SAPs, SARs, POAMs, Continuous Monitoring Strategies, PIAs), support ATO readiness, and participate in FedRAMP and security assessment activities where applicable
Job description
cFocus Software seeks a Sr. Cybersecurity Engineer / Architect to join our program supporting the National Institutes of Health (NIH). This position is remote. This position requires a Public Trust clearance. Qualifications:
Bachelor’s degree in Computer Science, Cyber Security, or related field.
10+ years of cybersecurity engineering or security architecture experience.
Experience designing and implementing security controls in federal or regulated environments.
Security architecture and engineering practices
NIST Risk Management Framework (RMF)
NIST SP 800‑53 security controls
FISMA compliance
Security authorization / ATO processes
Incident response and threat analysis
Network security architecture and firewall management
Duties:
Lead security engineering and architecture activities
Implement NIST 800-53 controls
Advise development teams on secure SDLC practices
Support incident response analysis
Implement security controls and network protections
Design, review, and implement secure architectures supporting hybrid scientific and IT environments across NCATS infrastructure.
Provide technical leadership on security engineering solutions supporting secure system development and infrastructure modernization.
Ensure architectures align with NIST SP 800‑53, NIST SP 800‑37, NIST SP 800‑160, FISMA, and NIH security policies.
Integrate security engineering practices across the system development lifecycle (SDLC) using DevSecOps and security‑by‑design principles.
Provide technical cybersecurity consulting to developers, engineers, and project stakeholders implementing NIST SP 800‑53 Rev. 5 security and privacy controls throughout system development.
Participate in architecture discussions, sprint reviews, and design reviews to ensure security requirements are integrated into system design and implementation.
Map system functionality to applicable security controls and develop control baselines aligned with system FIPS‑199 categorizations.
Provide implementation guidance on encryption, identity management, logging, secure API management, and other security technologies.
Assist with development of RMF artifacts including SSPs, SAPs, SARs, POA&Ms, Continuous Monitoring Strategies, and PIAs.
Serve as a technical lead supporting incident response coordination, analysis, and remediation across NCATS systems.
Coordinate with NCATS IT teams, security stakeholders, and the NIH Cyber Security Operations team.
Perform incident triage, containment, analysis, escalation, and remediation activities.
