Security Assessor (NCI)
The Information Security and Compliance Office (ISCO) is a part of the Data Science and Information Technology Program (DSITP) within Leidos Biomed. The ISCO provides IT security auditing, engineering, and incident response support for the Frederick National Laboratory for Cancer Research (FNLCR) and the National Cancer Institute – Frederick. The mission of the Information Systems Program is to develop an enterprise-level, consolidated information technology infrastructure that provides exceptional IT capabilities to the Frederick National Laboratory for Cancer Research (NCI-Frederick/FNLCR) in support of basic, translational, and clinical cancer and AIDS research. ISCO supports the life cycle of information security for the scientific mission and administrative functions of the NCI-Frederick/FNLCR, to ensure the availability of information systems, protect the integrity of information, and protect the confidentiality of intellectual property and patient data.
- Obtaining security authorizations for systems under the authority of NCI-Frederick/FNLCR by conducting IT Security audits of the network and devices for Federal Information Security Management Act (FISMA) compliance.
- Ensuring NCI-Frederick/FNLCR information systems maintain appropriate operational security posture consistent with the FISMA, working in close collaboration with information system owners.
- Serving as an advisor on matters involving the security of NCI-Frederick/FNLCR information systems, and providing security awareness and training to NCI-Frederick personnel, customers, and users.
- Developing and ensuring compliance with FNLCR security policies, standards, and procedures.
- Monitoring NCI-Frederick/FNLCR information systems and environments of operation, including developing and updating security plans, managing and controlling changes to NCI-Frederick/FNLCR information systems, and assessing security impact.
- Developing and assessing information security requirements for NCI-Frederick/FNLCR, and ensuring information system owners integrate and implement security requirements into the design, development, and configuration of information systems.
- Tracking the status of open plan of action and milestones (POA&M) items associated with NCI-Frederick/FNLCR information systems and notifying system owners of upcoming milestones.
To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:
- Possession of a Bachelor's degree in biomedical science/math/computer related field from an accredited college or university according to the Council for Higher Education Accreditation (CHEA). (Additional qualifying experience may be substituted for the required education).
- Foreign degrees must be evaluated for U.S. equivalency.
- In addition to the education requirements, a minimum of six (6) years of progressively responsible job-related experience. Experience must include functioning as an analyst or equivalent for compliance auditing, information security, information systems, or a related field.
- Work independently and make decisions regarding complex issues with appropriate consultation of peers, cross-functional teams, and supervisors
- Must be analytical and able to analyze complex information, synthesize disparate data sources, and communicate effectively
- Must be able to develop technical documentation and non-technical presentations; and, express information in a clear, concise, and organized manner, both verbally and in writing
- Possess related security certification (GIAC, ISC2, CompTIA, ISACA) or be willing to obtain within 6 months of hire
- Working knowledge of system and application vulnerability scanning tools
- Demonstrate working knowledge of hardening guides such as Center for Internet Security (CIS) benchmarks
- Demonstrate working knowledge of standards and guidelines for Information Security published by the National Institute of Standards and Technology (NIST)
- Working knowledge and expertise required for administering the information security aspects of information systems in compliance with regulations and directives of FISMA and the Office of Management and Budget (OMB)
- Working knowledge of Windows and Linux systems
- Must be able to obtain and maintain a security clearance
Candidates with these desired skills will be given preferential consideration:
- Master's degree preferred
- Previous experience performing full FISMA audits including the evaluation of technical controls without automated tools
- Experience working in a scientific and/or federal environment
- Devises solutions based on limited information and uses past experience, evaluation and interpretation to identify solutions or to adapt existing approaches to resolve issues
- Solves complex problems
- Takes a new perspective using existing solutions
- Uses best practices and knowledge of internal and external business issues to improve products or services and suggests variations in approach
- Must be detail-oriented with the ability to prioritize multiple tasks/projects