Security Analyst

BRMi

$100K — $120K *
Education, Government & Non-Profit
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
  • 5–8 years of relevant cybersecurity or information assurance experience.
  • Familiarity with federal cybersecurity programs and compliance standards.
  • Proficient in NIST Cybersecurity Framework, NIST 800-53, and RMF.
  • Demonstrated skills in security assessments and vulnerability management.
  • Must have Security+, CISSP, CISM, and CEH certifications.
  • Strong communication and analytical abilities.

Responsibilities

  • Monitor and respond to cybersecurity incidents and vulnerabilities.
  • Support security assessments and risk management framework activities.
  • Analyze vulnerability scan results and coordinate remediation efforts.
  • Evaluate security controls and implementation of cybersecurity technologies.
  • Prepare security reports and present findings to stakeholders.
  • Assist with identity and access management and cloud security initiatives.
  • Maintain communication with project teams and government leadership.

Benefits

  • Comprehensive Medical, Dental, and Vision Insurance.
  • Employer-Paid Life Insurance and Disability Insurance.
  • 401(k) plan available.
  • Generous Paid Time Off (PTO) policy including holidays.
  • Educational Assistance for professional development.
Full Job Description
Overview

HYBRID

Public Trust Clearance requirement.

BRMi is seeking a Security Analyst to support cybersecurity operations, risk management, compliance, and information assurance activities in support of NIH enterprise IT environments. The Security Analyst will work closely with technical teams, system owners, and government stakeholders to ensure the confidentiality, integrity, and availability of systems, networks, and data.

 

The ideal candidate will possess strong technical cybersecurity expertise, experience supporting federal security requirements, and the ability to identify, assess, and mitigate security risks across complex IT environments.

Benefits:

  • Comprehensive Medical, Dental, and Vision Insurance
  • Employer-Paid Life Insurance
  • Employer-Paid Short-Term and Long-Term Disability Insurance
  • 401(k)
  • Paid Time Off (PTO) that includes Vacation Leave, Sick Leave, and 11 Paid Holidays
  • Educational Assistance

Salary: $100K-$120K

HYBRID

Work Location: Primary place of performance is Bethesda, Maryland, supporting NIH facilities and approved remote work locations in accordance with Government policies.

Responsibilities
  • Cybersecurity Operations

    • Monitor, analyze, and respond to cybersecurity events, incidents, and vulnerabilities.
    • Support security monitoring, threat detection, and incident response activities.
    • Conduct security assessments and identify potential risks and weaknesses.
    • Recommend and implement corrective actions to improve security posture.
    • Assist in the development and maintenance of security procedures and standards.

  • Risk Management & Compliance

    • Support Risk Management Framework (RMF) activities.
    • Assist with security control assessments, testing, and documentation.
    • Develop and maintain System Security Plans (SSPs), POA&Ms, security assessments, and supporting documentation.
    • Ensure compliance with federal cybersecurity requirements, policies, and standards.
    • Support system authorization and continuous monitoring activities.

  • Vulnerability Management

    • Analyze vulnerability scan results and coordinate remediation activities.
    • Track remediation efforts and ensure timely resolution of identified findings.
    • Collaborate with infrastructure and application teams to address security risks.
    • Provide recommendations for security hardening and configuration management.

  • Security Engineering Support

    • Evaluate security controls and system configurations.
    • Support implementation of cybersecurity technologies and solutions.
    • Assist with identity and access management activities.
    • Participate in security architecture reviews and technology evaluations.
    • Support cloud security and modernization initiatives as required.

  • Reporting & Stakeholder Engagement

    • Prepare security reports, risk assessments, and compliance documentation.
    • Present findings and recommendations to technical and non-technical stakeholders.
    • Support audits, inspections, and security reviews.
    • Maintain effective communication with government leadership and project teams.
  • Perform other duties as assigned
Qualifications
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field.
  • 5–8 years of cybersecurity, information assurance, or information security experience.
  • Experience supporting federal cybersecurity programs and compliance requirements.
  • Knowledge of NIST Cybersecurity Framework, NIST 800-53, RMF, FISMA, and federal security requirements.
  • Experience conducting security assessments, vulnerability management, and risk analysis.
  • Experience supporting system authorization and continuous monitoring activities.
  • Strong analytical, problem-solving, and communication skills.
  • Ability to obtain and maintain a federal background investigation.
  • Candidates must possess the following certifications:
    • Security+
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Security Manager (CISM)
    • Certified Ethical Hacker (CEH)
  • Preferred Experience
    • Experience supporting NIH, HHS, or other federal civilian agencies.
    • Experience with Splunk, Tenable, Nessus, Microsoft Defender, or similar security tools.
    • Experience supporting cloud environments including Azure or AWS.
    • Experience with security incident response and threat hunting.
    • Experience supporting biomedical research, scientific computing, or healthcare IT environments.

**BRMi will not sponsor applicants for work visas for this position.**

**This is a W2 opportunity only**

 
