Logo
Advancia Aeronautics LLC

CyberSecurity Engineer

Advancia Aeronautics LLC, Bethesda, Maryland, us, 20811


Position Title: Cyber Security Engineer

Division:

AA

Location:

Bethesda, MD (Hybrid Schedule)

Position Summary

The goal of this position is to provide early clarity on information technology assets (IT) and IT systems requirements for the Surgery, Radiology L& Laboratory Medicine (SRLM) Facilities, Clinical Center expansion project at the National Institutes of Health (NIH), Bethesda, MD. Specific requirements and deliverables include establishing a validated equipment list and rough order of magnitude (ROM) estimate for new IT assets and IT systems required for the project. In addition, review of the facility design for equipment infrastructure requirements; development of a detailed plan for IT systems; definition of cybersecurity requirements and other objectives. The Cybersecurity Engineer shall develop cybersecurity requirements that will aid in future SRLM Facilities planning and ensure adherence with Federal policies and NIH-specific cybersecurity requirements. Also, develop detailed cybersecurity requirements to be used in the future to comply with NIH requirements for cybersecurity certification, Risk Management Framework (RMF) compliance and Authority to Operate for new and reuse equipment.

**Position is dependent upon contract award, candidate government acceptance and pass government security investigation

Essential Duties & Responsibilities

• Inventory existing systems and components and include results in the overall revised inventory for each department.

• Develop an IT Systems plan that includes system capabilities and features, anticipated devices and components, reuse considerations. Include results for these systems in the VEL and ROM Estimate.

• Develop detailed cybersecurity requirements to be used in the future to comply with NIH requirements for cybersecurity certification, Risk Management Framework compliance and Authority to Operate for new and reuse equipment.

• Coordinate with NIH CC DCRI and CIT to collect and review current NIH procedures for meeting cybersecurity requirements, Risk Management Framework (RMF) and Authority to Operate (ATO) requirements for existing and new IT systems and assets. Update and combine these results and develop a plan and process into a for meeting cybersecurity requirements, for use in the later IO&T task order for the SRLM facilities.

• Validated Equipment List. The result of the validation process shall be a preliminary Validated Equipment List (VEL) that identifies all new and reuse equipment. The VEL shall include all new equipment required for the project, whether it is to be purchased under the future IO&T task order or by the Government, and all reuse equipment. For example, as noted above, major diagnostic imaging systems are planned to be purchased by NIH, but those items shall be included in the VEL.

o The VEL should include owning Institute/Department/Branch, JSN or item number, description, category (e.g., RADIS scanner, Lab Instrument, IT Device, IT System, Furniture, Telephone, etc.), designation of new or reuse, current room location for reuse items, new room location, responsible department, and any other information to completely identify the equipment item. For existing reuse equipment, the VEL should include barcode number, make and model and information about age of the item. Include lead times in the VEL.

o For IT Systems and devices, the VEL shall include mobile devices rolled into each department and identify any special network requirements.

o The VEL shall include any network specifics, such as a separate LAN. This information is needed to setup of the device in the new spaces. For example, STREAMCONNECT is on a special VLAN requiring a special port.

o VELs shall be completed and provided by department, i.e., RADIS, DLM, DPM/IR, NHLBI Cath Lab. Provide a CC VEL that includes IT systems and components for the systems defined in Sections 7.1.2, 7.1.3 and 7.1.4. The VEL shall include a field to state the IT system name for each component and identify any new systems not listed in Sections 7.1.1 through 7.1.5 below.

o VELs shall be provided in editable MS Excel format. All changes shall be tracked with starting and revised quantity, and shall identify who requested the change, justification to support a change, and date.

• Completes data collection to support to include: Contractor Computer Cybersecurity Compliance Statements, System Security Plan (Draft, combination of POAM, checklist to be completed, and IV&V, Security Plan), Control System Inventory Report, Cybersecurity STIGs/SRGs (including ver. numbers) Report, Network Communication Report (PPSM), Cybersecurity Riser Diagram, Cybersecurity Interconnection Schedule, Control System Cybersecurity Documentation, etc.

• Maintains responsibility for managing scope, cost, schedule, internal staffing, vendors and contract deliverables

• Develops project plans, monitors project milestones and generates periodic status reports reporting to stakeholders as needed

• Coordinates with end users, customers, technology vendors, project managers and key personnel to determine technology requirements including, but not limited to, the review and validation of technology requirements, designs and associated plans

• Meets with end users/customers to review, document and forecast technology requirements to include reuse of existing technologies, determining replacement or purchase of new technologies and placement of technologies in new facility

• Other duties as assigned

Education & Experience Requirements



Must be a United States Citizen



Bachelor's Degree in Computer Science, Information Systems or a related subject and 3 years of related experience OR 6 years of related experience accepted in lieu of Bachelor's Degree.



CISSP certification (a plus but not required)

• General knowledgeable of medical devices and IT used in a large hospital environment

• Minimum 3-years' experience managing RMF/ATO processes in a federal healthcare-centric environment (NIH preferred)

• Proven leadership, conflict resolution and personnel management skills; work independently, part of team and/or lead a project team

• Proficient with computer operations, Microsoft Office suite of products, to include Microsoft Project, and associated programs

#ClearanceJobs

Advancia Aeronautics, LLC is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We celebrate the unique differences of our employees because that is what drives curiosity, innovation, and the success of our business. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, gender identity or expression, age, marital status, veteran status, disability status, pregnancy, parental status, genetic information, political affiliation, or any other status protected by the laws or regulations in the locations where we operate. Accommodations are available for applicants with disabilities.