CMMC Information Security Engineer - Remote Opportunity

Massachusetts, United States
Salary Not specified
Feb 23, 2021
Employment Level
Employment Type
Full Time

CMMC Information Security Engineer - Remote Opportunity

About Northeastern:
Founded in 1898, Northeastern is a global research university and the recognized leader in experience-driven lifelong learning. Our world-renowned experiential approach empowers our students, faculty, alumni, and partners to create impact far beyond the confines of discipline, degree, and campus.

Our locations—in Boston; Charlotte, North Carolina; London; Portland, Maine; San Francisco; Seattle; Silicon Valley; Toronto; Vancouver; and the Massachusetts communities of Burlington and Nahant—are nodes in our growing global university system. Through this network, we expand opportunities for flexible, student-centered learning and collaborative, solutions-focused research.

Northeastern's comprehensive array of undergraduate and graduate programs— in a variety of on-campus and online formats—lead to degrees through the doctorate in nine colleges and schools. Among these, we offer more than 195 multi-discipline majors and degrees designed to prepare students for purposeful lives and careers.

About the Opportunity:
The Division of Information Technology Services (ITS) is currently seeking a talented individual to fill the role of Security Engineer. This position will be engaged in all-things related to securing and enhancing our extensive and diverse research enterprise initiatives. The role of the Security Engineer is to bridge the gap between high-level security policies/requirements and technical/operational implementation of those requirements. Candidates should have in-depth understanding (SME) of the cybersecurity policies and procedures for information systems involved with handling Controlled Unclassified Information (CUI) along with sufficient technical knowledge/experience to implement them.

As a Security Engineer, the qualified candidate will interact directly with university administration and support staff including members of the Office of the General Council, Research Enterprise Services, Environmental Health and Safety, Department Safety Officers, and Associate Deans for Research. Systems that will be within the scope of this role include (but are not limited to) Proposal and Award System (ePAWS), Contract and Legal Workflow system (eCLAWS), Conflict Disclosure system (eCD), Zoom BAA, Teams for Research, ServiceNow (forms/workflows and ticketing), GCC High O365 tenant, BioRAFT, and other research platforms and systems identified in collaboration with other dedicated Research Application Support staff embedded across the ITS organization.

This is a multi-tasking environment that demands customer service, communication, and organizational skills. A successful candidate will be motivated, results-oriented, and have a willingness to learn. The Information Security Engineer will maintain the operational security posture to ensure information systems (IS) security policies, standards, and procedures are established and followed.

To ensure that essential services are provided to the university community, the employee may be required to work outside his/her regular working hours and university holidays.

Provide engineering support and assistance for research systems including (but not limited to):
  • Proposal and Award System (ePAWS)
  • Contract and Legal Workflow system (eCLAWS)
  • Conflict Disclosure system (eCD)
  • Secure video conferencing platforms (Zoom BAA & Teams)
  • ServiceNow (forms/workflows and ticketing)
  • GCC High O365 tenant
  • BioRAFT
  • Other research platforms and systems identified in collaboration with other dedicated Research Application support staff embedded across the ITS organization.
  • Evaluate proposed security architectures and designs and provide input as to the adequacy of those security designs to meet required security compliance objectives.
  • Participate in the change management process, and assess security impact of proposed changes.
  • Conduct assessment testing and reporting in accordance with 800-171 and the Cybersecurity Maturity Model Certification
  • Identify deficiencies (POA&M) and provides recommendations for solutions.
  • Work with research and other university stakeholders to perform incident response
  • Raise awareness on security initiatives
  • Track and report on key metrics.

  • Bachelor's degree in Computer Science or Information Systems
  • 4+ years of experience in a security engineering role.
  • Strong familiarity with the NIST and Risk Management Framework (RMF), including NIST SP800-53 and NIST 800-171.
  • Experience defining and deploying security monitoring, metrics, and logging solutions/strategies across applications, systems, and services where available.
  • Strong understanding of vulnerability management and remediation processes, and fundamentals of continuous monitoring.
  • The person in this position frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.

Preferred Qualifications:

Not Applicable

Salary Grade:

Additional Information:
A criminal background check is required for this role.

This is a remote position.

Northeastern University is an equal opportunity employer, seeking to recruit and support a broadly diverse community of faculty and staff. Northeastern values and celebrates diversity in all its forms and strives to foster an inclusive culture built on respect that affirms inter-group relations and builds cohesion.

All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, religion, color, national origin, age, sex, sexual orientation, disability status, or any other characteristic protected by applicable law.

To learn more about Northeastern University's commitment and support of diversity and inclusion, please see

To apply, visit


Similar jobs

Similar jobs