Computer Security System Specialist (Mid) - Endpoint Security

This job opportunity is part of an RFP process; candidates are invited to submit their resumes detailing relevant experience.

Location : Rockville, MD (Hybrid)

LCG is a minority-owned technology consulting firm that has been a trusted partner to more than 40 federal agencies, including 21 of the 27 Institutes and Centers (ICs) at the National Institutes of Health (NIH).

For over 25 years, LCG has brought digitization and innovation to the Health and Human Services (HHS) and the NIH ecosystems.

We support IT organizations by bringing precision technology and operation models that achieve mission capabilities and performance success.

Job Overview : LCG is seeking a skilled and motivated Computer Security System Specialist Level (Mid) with expertise in endpoint security management to join the Tiger Team.

The role is crucial for advancing NIH's vulnerability management (VM) initiatives, building upon the "As-Is" state assessment of NIH’s Vulnerability Management Maturity Level.

The candidate will contribute to operational support, tool integration, and security processes to ensure proactive management of vulnerabilities and endpoint security across NIH systems.

This position will be responsible for maintaining and enhancing NIH’s Vulnerability Management program using tools such as BigFix, Jamf, SCCM , and other vulnerability management solutions.

You will collaborate closely with system engineers, security teams, and leadership to reduce NIH’s cybersecurity vulnerabilities and support a mature endpoint security environment.

Key Responsibilities

• Establish and document processes and procedures for effective Operations & Maintenance (O&M) of the client security program.
• Implement requirements management, version control, and project management using frameworks like SAFe.
• Ensure effective test management, training, release management, and change control processes for the client security site.
• Develop and maintain FISMA-compliant security artifacts (SSP, FIPS-199, e-Auth, etc.) to support client security operations.
• Collaborate with NIH leadership and stakeholders to launch, maintain, and enhance the ESCoE Site, including the integration of back-end tools such as Jira and O365 Planner for managing incident / service requests.
• Maintain interconnectivity with NIH’s PowerBI Vulnerability Management Dashboard and Security Center for real-time vulnerability tracking.
• Lead efforts to explore the client Cybersecurity VM Landscape to identify opportunities for improvement.
• Assist client with patch management best practices, configuration management, and tool migration / upgrades to enhance their vulnerability management processes.
• Contribute high-priority fixlets and solutions to the client security repository.
• Review and prioritize Trans-NIH VM data to assist ICOs needing additional support to meet their VM program goals.
• Conduct technical discussions and presentations by Subject Matter Experts (SMEs) on relevant topics, including Tenable, BigFix, Jamf, registry edits, Group Policy Objects (GPOs), and system scripting.
• Track uploads of fixlets, measure the resolution speed of vulnerability management problems, and monitor solution downloads.
• Provide SharePoint and PowerBI development support for NIH’s ongoing VM efforts as needed.
• Assist with enterprise patch management expertise to support surge needs across NIH Qualifications.

Qualifications

• Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent work experience).
• 5+ years of experience in endpoint security, vulnerability management, or systems engineering with a focus on BigFix, Jamf, and SCCM.
• Strong knowledge of cybersecurity frameworks (e.g., NIST, FISMA) and vulnerability management practices.
• Hands-on experience with patch management tools, configuration management, and system integration.
• Familiarity with Jira, Office365 Planner, and vulnerability management dashboards like PowerBI and Security Center.
• Experience with project management frameworks like SAFe or Agile for managing O&M and development tasks.

Compensation and Benefits

The projected compensation range for this position is $89,600 to $126,650 per year benchmarked in the Washington, D.C. metropolitan area.

The Target Salary is $ 104,300.00 The salary range provided is a good faith estimate representative of all experience levels.

Salary at LCG is determined by various factors, including but not limited to role, location, the combination of education / training, knowledge, skills, competencies, certifications, and work experience.

LCG offers a competitive, comprehensive benefits package which includes health insurance options (medical, dental, vision), life and disability insurance, retirement plan contributions, as well as paid leave, federal holidays, professional development, and lifestyle benefits.

Devoted to Fair and Inclusive Practices

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.

If you are interested in applying for employment with LCG and need special assistance or an accommodation to apply for a posted position, contact our Human Resources department by email at [email protected] .

Securing Your Data

Beware of fraudulent job offers using LCG's name. LCG will never request payment-related details or advancement of money during the application process.

Legitimate communication will only come from lcginc.com or [email protected] emails, not free commercial services like Gmail or WhatsApp.

If you receive suspicious emails asking for payment or personal information, contact us immediately at [email protected] .

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission .