Title: Senior Cyber Security Engineer (Job 1356) Location: Bethesda, Maryland Job Description: About Us DLH delivers improved health and national security readiness solutions for federal programs through science research and development, systems engineering and integration, and digital transformation. Our experts in public health, performance evaluation, and health operations solve the complex problems faced by civilian and military customers alike by leveraging advanced tools – including digital transformation, artificial intelligence, data analytics, cloud enablement, modeling, and simulation, and more. With over 2,400 employees dedicated to the idea that “Your Mission is Our Passion,” DLH brings a unique combination of government sector experience, proven methodology, and unwavering commitment to innovation to improve the lives of millions. Overview The Senior Cybersecurity Engineer serves as a technical leader within the National Institute on Aging (NIA) Information System Security Office (ISSO) by designing, implementing, and maintaining security controls that protect NIA information systems, data, and infrastructure. This role ensures compliance with federal cybersecurity standards while proactively identifying and mitigating risks across systems supporting scientific research and administrative operations. This senior-level role is critical to safeguarding systems that support cutting-edge aging research. The ideal candidate is proactive, detail-oriented, and committed to continuous learning in a rapidly evolving cybersecurity landscape. The position requires strong technical expertise, familiarity with federal security frameworks, and the ability to collaborate with system owners, researchers, and IT teams. Responsibilities - Advise on ZTA road map and provide system specific Zero Trust report cards - Conduct security assessments, vulnerability scans, and risk analyses - Monitor system security posture and respond to incidents in coordination with NIH security operations - Implement and manage security tools such as SIEM, endpoint protection, and vulnerability management platforms - Ensure compliance with FISMA, NIST SP 800-53, and NIH/HHS security policies - Design, implement, and maintain cybersecurity controls aligned with NIST RMF (Risk Management Framework) - Support system Authorization to Operate (ATO) processes, including preparation and maintenance of security documentation (SSP, POA&M, SAR) - Provide technical guidance to system owners on secure architecture and system hardening - Support continuous monitoring activities and reporting requirements - Assist with incident response, forensic analysis, and remediation activities - Participate in audits and provide required artifacts and evidence Qualifications - Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience) - 10+ years of progressive experience in cybersecurity engineering, information security, or related roles - CISSP industry certification - Hands-on experience with NIST RMF and federal compliance frameworks (e.g., FISMA, NIST SP 800-53) - Experience supporting ATO processes and developing security documentation (SSP, POA&M, SAR) - Strong understanding of network security, system hardening, identity and access management, and vulnerability management - Experience with security tools such as SIEM (e.g., Splunk), vulnerability scanners (e.g., Tenable, Qualys), and endpoint protection platforms - Experience with Zero Trust Architecture principles - Knowledge of cloud security principles (e.g., AWS, Azure, or GCP) - Familiarity with incident response processes and security operations - Must be able to obtain a Public Trust clearance - On-site or hybrid depending on organizational needs. - Works closely with ISSOs, system owners, cloud engineers, and research staff - Supports a mission-driven environment focused on protecting sensitive biomedical research data - Participates in cross-functional security and compliance initiatives Preferred Qualifications - Master’s degree in Cybersecurity, Information Assurance, or related field - Relevant industry certifications such as CGRC, CISA, CISM, CEH, Security+, or GSEC - Experience within federal agencies, NIH, or HHS environments - Knowledge of FedRAMP and cloud authorization processes - Experience with DevSecOps practices and automation tools - Familiarity with container security and modern application architectures - Strong scripting skills (e.g., Python, PowerShell, Bash) - Excellent communication skills and ability to translate technical risks for non-technical stakeholders. Basic Compensation: $157,000 - $171,000 yearly salary The salary range listed reflects what we reasonably expect to pay for this role at the time of posting. The final offer may vary based on skills, experience, geographic location, market conditions, and internal equity. Additional compensation may include performance incentives and program-specific awards. We do not use salary history to determine compensation, in line with applicable law. Benefits DLH Corp offers our employees an excellent benefits package, including Personal Time Off (PTO), medical, dental, vision, supplemental life with AD&D, short and long-term disability, flexible spending accounts, parental leave, legal services, and more. We want our employees to save for their future; therefore, we offer a 401(k) Retirement Plan, which includes a matching component. DLH is dedicated to your career development, providing training to help drive success, with access to our best-in-class e-learning suite for formal and informal learning, professional and technical certification preparation, and education assistance at accredited institutions.

• Serve as the primary security point of contact for assigned strategic accounts. • Build strong relationships with customer security leadership (CISO org), IT, risk/compliance, and engineering teams. • Lead security governance cadences (monthly/quarterly) including posture reviews, risk discussions, and roadmap alignment. • Conduct discovery sessions to understand customer environments, threat models, and regulatory requirements. • Advise on cloud security controls and best practices (IAM/SSO/MFA, encryption, segmentation, monitoring, vulnerability management, secure SDLC). • Collaborate with internal security specialists on advanced topics (crypto/KMS/HSM, workload isolation, data residency, Zero Trust).

• Implements and maintains EpicCare systems and databases to ensure optimum performance. Performs analysis of new releases and determines how they will impact workflow. • Defines modifications to application software or databases to address system functions or enhancements. • Facilitates Epic updates, new releases and system enhancements. Manages all phases of testing and assists Lead/Project Manager in work effort and project scoping. • Manages complex IT projects/products in order to provide automated solutions that meet Inova Health System's business needs using the EpicCare solution. • Initiates issues for resolution while escalating and communicating status to management in a timely manner. • Conducts and participates in system technical and application reviews to determine feasibility, cost and evaluate usefulness for Inova. Coordinates vendor demos, site visits and reference calls. • Makes recommendations for team/analyst training programs and assists in the development and implementation of team member training/mentoring activities.

• Manage and execute the company’s information security program, including policies, procedures, controls, security standards, risk assessments, remediation tracking, and ongoing security improvements. • Perform day-to-day security activities, including monitoring security tools, reviewing alerts, investigating suspicious activity, coordinating remediation, managing vulnerabilities, and improving detective and preventive controls. • Assess, implement, and maintain security controls across enterprise systems, including infrastructure, endpoints, identity platforms, cloud environments, field service applications, mobile devices, and the Microsoft Azure and Microsoft 365 ecosystems. • Maintain and execute the company’s incident response process. Investigate security events, coordinate containment and remediation efforts, document incidents, and work with internal teams and external partners as needed. • Identify and address cybersecurity risks related to field service scheduling systems, mobile device usage, remote workforce access, geographically dispersed operations, and field technician workflows. • Perform or coordinate vulnerability assessments, risk reviews, security control evaluations, and remediation efforts. Prioritize findings based on business impact, likelihood, and operational risk. • Support and improve identity and access management practices, including user access reviews, privileged access controls, multi-factor authentication, conditional access, endpoint security, and device compliance. • Configure, monitor, and improve security across Microsoft Azure and Microsoft 365 environments, including Entra ID, Defender, Purview, Exchange Online, SharePoint, Teams, Intune, and related security capabilities. • Support disaster recovery and business continuity planning from a cybersecurity perspective. Assist with backup protection, recovery testing, ransomware readiness, and resilience planning. • Maintain security documentation, policies, procedures, standards, risk registers, audit evidence, and compliance-related materials. Help ensure alignment with applicable cybersecurity best practices and business requirements. • Promote a practical security awareness culture across the organization, including field technicians, office staff, operations teams, and business users. Support phishing simulations, user education, and security communications. • Assist with security reviews of vendors, service providers, software platforms, and third-party integrations. Track risks and coordinate follow-up remediation where needed. • Work closely with infrastructure, applications, service desk, operations, and business stakeholders to identify security needs, resolve issues, and implement practical security improvements.