Travel Required: Less than 10%
Public Trust: Other
Requisition Type: Pipeline
GDIT has one of the largest and most diverse portfolios of work at the Department of Health and Human Services Centers for Medicare and Medicaid Services (CMS). We combine deep insight into healthcare benefit administration policy and technology across all of CMS's operational areas. The Security Manager serves as the Systems Security Officer and coordinates the work of Security Analysts to ensure compliance with CMS information security policy (e.g., ARS 3.1). This position provides an opportunity to play a critical role in the migration of CMS's legacy mainframe systems to modern cloud-based architectures, delivering improved scalability and lower total cost of ownership.
The Security Manager/Lead Security Analyst:
- Safeguards information system assets by identifying and solving potential and actual security problems.
- Protects system by defining access privileges, control structures, and resources
- Recognizes problems by identifying abnormalities; reporting violations
- Implements security improvements by assessing current situation, evaluating trends, and anticipating requirements
- Determines security violations and inefficiencies by conducting periodic audits
- Upgrades system by implementing and maintaining security controls
- Keeps users informed by preparing performance reports and communicating system status
- Maintains technical knowledge by attending educational workshops; reviewing publications
Responsibilities + Duties
- Support security in the system development life-cycle
- Audit firewall configurations
- Respond to real-time system alerts
- Conduct periodic reviews of system audit logs, physical and logical access, and other periodic security controls
- Review network architecture for security
- Support responses to CMS for acceptable risk safeguard
- Support major documents such as risk assessments, contingency plans, and system security plans
- Support external IT and Security audits including penetration tests
- Research, evaluate, and deploy new security products, including security impact assessments
- At least 5 years of experience supporting security compliance for a large-scale federal system
- Experience with legacy (e.g., mainframe) and modern (e.g., cloud) hosting environments
- Hands-on experience analyzing high volumes of logs, network data and other attack artifacts in support of incident investigations
- Experience with integrating and operating vulnerability scanning and security monitoring tools (e.g., Tenable, Gigamon, Forescout, Trend Micro)
- The selected applicant will be subject to a government security investigation. US Citizenship may be required to pass this investigation.
- BS or MS in Computer Forensics, Information Security, or related Information Technology discipline
- Prior experience supporting the Centers for Medicare & Medicaid Services (CMS)
- Working understanding of Medicare Advantage systems and data
- Detailed understanding of certification and accreditation cycle as implemented at CMS
- Experience creating System Security Plans for large, complex systems
- Experience with processes and documentation required for Security Impact Assessments, Corrective Action Plans, Plan of Action and Milestones.
- Experience with CMS security policies, processes and tools (e.g., ARS 3.1, HIPAA, FISMA, SCA/ACT assessments, ATO certification, CFACTS)
- Experience establishing and coordinating with SOC/NOC services
- CompTIA A+ Certified
- CompTIA Network+ Certified
- CompTIA Security+ Certified
- ISC2 Certified Information Security Professional (CISSP)
- Suitable for Public Trust clearance
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.