Position Summary
The Senior Cybersecurity Operations Engineer leads the daily operation and continuous
improvement of the NIGC security operations program. Working with minimal supervision, this
individual configures, tunes, and operates the agency security tool set, conducts ongoing security
assessments, performs threat hunting and incident response, and develops the automation and
documentation that sustain a strong agency security posture.
Key Responsibilities
• Apply information systems security principles, NIST guidelines, FISMA, CISA direction, and
Federal directives to conduct ongoing security assessments of installed systems and networks,
and recommend corrective actions.
• Perform systems engineering and maintenance activities in accordance with established
standards.
• Apply networking knowledge across LAN, Microsoft Azure, and wireless environments
when implementing and troubleshooting security solutions.
• Advance NIGC security operations capabilities by evaluating current strategies and aligning
them with industry best practices.
• Ensure effective configuration and daily operation of tools that support the NIGC
cybersecurity strategy, including SIEM integration, Syslog, Network Detection and Response
(NDR), Endpoint Detection and Response (EDR), firewalls, Microsoft 365 cloud security,
Defender for Cloud, and Continuous Diagnostics and Mitigation (CDM) capabilities.
• Collaborate with the CISO and Privacy Officer to develop plans, techniques, and measurable
objectives that improve cybersecurity and privacy protections for sensitive information.
• Work with other teams to integrate NIGC applications and IT services in a manner that
addresses security implications and meets NIGC security requirements.
• Maintain threat awareness, monitor NIGC information systems for exploits and suspicious
activity, analyze aggregated logs, and perform regular threat hunting.
• Develop security orchestration and automation capabilities, and create detection and response
configuration policies that increase automation.
• Adhere to continuous monitoring practices to evaluate the effectiveness of implemented
controls and protect the confidentiality, integrity, and availability of NIGC information
systems.
• Execute incident response activities in accordance with the NIGC incident response plan, and
develop incident handling procedures.
• Validate that sufficient and relevant information is captured and retained from security tools
to support security awareness and incident investigations.
• Collect security operations performance and posture management metrics, and prepare threat
reports that inform risk management decisions.
• Develop and maintain accurate security operations documentation, including standard
operating procedures for recurring tasks.
Demonstrated Hands-On Experience (Evaluation Emphasis)
The selected individual must demonstrate hands-on experience architecting, implementing,
configuring, and managing enterprise security operations tools and capabilities within a production
environment. The candidate shall clearly describe direct technical experience supporting cyber
operations activities, including deploying, administering, tuning, maintaining, and operationally
managing security tools such as SIEM platforms, EDR solutions, intrusion detection and
prevention systems (IDS/IPS), vulnerability management platforms, log management tools,
security monitoring solutions, and cloud security technologies, as applicable.
The candidate shall provide specific examples of hands-on responsibilities, including the
environments supported, technologies used, the scope of implementation or administration
activities performed, and the operational outcomes achieved. Experience limited primarily to
cybersecurity analysis, compliance support, policy development, governance activities, or incident
response coordination, without substantial hands-on cyber operations and security engineering
responsibilities, will be viewed as less competitive. While security analysis and incident response
experience is beneficial, it does not substitute for demonstrated hands-on experience managing
and operating cybersecurity tools and operational security environments.
Clearance and Work Conditions
• Place of performance: primarily onsite at NIGC Headquarters, 550 12th Street SW,
Washington, DC 20024. Limited remote work may be authorized at the discretion of the
Federal Task Manager.
• Schedule: Monday through Friday, 8:00 AM to 5:00 PM, excluding Federal holidays.
• Successfully complete applicable background investigations and obtain and maintain a Public
Trust clearance.
• Execute a Non-Disclosure Agreement, comply with all NIGC policies, and acknowledge and
sign the NIGC Rules of Behavior.
• Obtain a Government-issued PIV Card and use only Government-furnished equipment to
access the NIGC environment.