GDIT has one of the largest and most diverse portfolios of work at the Department of Health and Human Services Centers for Medicare and Medicaid Services (CMS). We combine deep insight into healthcare benefit administration policy and technology across all of CMS’s operational areas. The Security Manager serves as the Systems Security Officer and coordinates the work of Security Analysts to ensure compliance with CMS information security policy (e.g., ARS 3.1). This position provides an opportunity to play a critical role in the migration of CMS’s legacy mainframe systems to modern cloud-based architectures, delivering improved scalability and lower total cost of ownership.
The Security Manager/Lead Security Analyst:
Safeguards information system assets by identifying and solving potential and actual security problems.
Protects system by defining access privileges, control structures, and resources
Recognizes problems by identifying abnormalities; reporting violations
Implements security improvements by assessing current situation, evaluating trends, and anticipating requirements
Determines security violations and inefficiencies by conducting periodic audits
Upgrades system by implementing and maintaining security controls
Keeps users informed by preparing performance reports and communicating system status
Maintains technical knowledge by attending educational workshops; reviewing publications
Responsibilities + Duties
Support security in the system development life-cycle
Audit firewall configurations
Respond to real-time system alerts
Conduct periodic reviews of system audit logs, physical and logical access, and other periodic security controls
Review network architecture for security
Support responses to CMS for acceptable risk safeguard
Support major documents such as risk assessments, contingency plans, and system security plans
Support external IT and Security audits including penetration tests
Research, evaluate, and deploy new security products, including security impact assessments
At least 5 years of experience supporting security compliance for a large scale federal system
Experience with legacy (e.g., mainframe) and modern (e.g., cloud) hosting environments
Hands-on experience analyzing high volumes of logs, network data and other attack artifacts in support of incident investigations
Experience with integrating and operating vulnerability scanning and security monitoring tools (e.g., Tenable, Gigamon, Forescout, Trend Micro)
The selected applicant will be subject to a government security investigation. US Citizenship may be required to pass this investigation.
BS or MS in Computer Forensics, Information Security, or related Information Technology discipline
Prior experience supporting the Centers for Medicare & Medicaid Services (CMS)
Working understanding of Medicare Advantage systems and data
Detailed understanding of certification and accreditation cycle as implemented at CMS
Experience creating System Security Plans for large, complex systems
Experience with processes and documentation required for Security Impact Assessments, Corrective Action Plans, Plan of Action and Milestones.
Experience with CMS security policies, processes and tools (e.g., ARS 3.1, HIPAA, FISMA, SCA/ACT assessments, ATO certification, CFACTS)
Experience establishing and coordinating with SOC/NOC services
CompTIA A+ Certified
CompTIA Network+ Certified
CompTIA Security+ Certified
ISC2 Certified Information Security Professional (CISSP)
Suitable for Public Trust clearance
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.