GDIT is searching for a Senior Information SecurityAnalyst to join our team in the field of Information Technology with the New York State Medicaid Management Information Systems project. The successful candidate should have experience in or knowledge of Medicaid Management Information Systems, CMS, NIST SP 800-53 and regulatory compliance.
Complete understanding and wide application of technical principles, theories, and concepts related to information security, with particular focus on vulnerability management with an emphasis on effective security and compliance management of vulnerabilities and security patches. General knowledge of other related disciplines such as systems development, configuration management, change management, network security and asset management.
The person chosen for this position will guide the successful completion of major initiatives and may function in a project leadership role. He or she must address erroneous decisions and make recommendations that would typically address failures to ensure achieving major organizational objectives.
Successful candidate will develop technical solutions to a wide range of difficult problems. Solutions are imaginative, thorough, practicable and consistent with organization objectives.
This position is based at GDIT’s office at Riverview Center in Menands, NY.
Principal Duties and Responsibilities:
The successful candidate will:
Be experienced in reviewing and documenting security and privacy controls, documenting plans of action and milestones, and performing security risk analyses.
Have experience in policy, procedure and standards development and review, and experience in developing and reviewing System Security Plans (SSPs) and other security documentation.
Review development processes for Application Security best practices and review application artifacts in each environment.
Provide application scanning, penetration testing and programming/coding for security tooling and scripts.
Experience with advising the development team on how to remediate vulnerabilities, perform application security best practices, and address application security vulnerabilities.
Demonstrate flexibility and the ability to handle other areas of information security, including business continuity, operations security, cryptography, forensics, regulatory compliance, internal counter-espionage (insider threat detection and mitigation), and physical security analysis (including facilities analysis, and security management).
New York State Medicaid Management Information Systems (MMIS) experience preferred.
Validate system security requirements definition and analysis; establish system security designs; and implement security designs in hardware, software, data, and procedures.
Validate security requirements and performing system certification and accreditation planning and testing along with liaison activities.
Secure systems operations and maintenance.
Bachelor’s degree or equivalent in Computer Science, Mathematics, Engineering or a related discipline, plus ten (10) or more years related experience in Information Assurance
The successful candidate is able to work in a collaborative team environment as well as individually. Must be able to prioritize and multi-task.
Work is performed with minimal direction. Successful candidate exercises considerable latitude in determining technical objectives of assignment. Completed work is reviewed from a relatively long-term perspective for desired results.
An understanding of Privacy and familiarity with the NIST 800-53 Privacy controls is required
Strong interpersonal and communication skills are required to communicate with customers, support personnel, application development personnel and management
Experience with NIST SP 800-53 or Centers for Medicaid and Medicare Services (CMS) is a plus.
Security Certifications such as Information Systems Certification and Accreditation Professional (ISCAP) or INFOSEC Assessment Methodology Certification (IAM
Certification as an ISSO helpful
CISSP certification is helpful
Familiarity with vulnerability assessment and scanning as well as other security tools, such as, Tenable Nessus, SAST, DAST
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.