Security Architect

We are GDIT. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country. We ensure today is safe and tomorrow is smarter. Our work has meaning and impact on the world around us, but also on us, and that’s important.

We are looking for a Security Architect to join our team. You will support an essential modernization program for a critically important federal healthcare client.  This role requires an energetic individual who wants to enhance their professional career in a fast-paced federal environment.  The ideal candidate will be savvy to current Federal and agency-level cyber security policies/mandates and be a proven contributor with experiencing achieving security and compliance objectives within a large, enterprise environment.

At GDIT, people are our differentiator. As a Security Architect supporting the Federal Drug Administration, in this role, a typical day will include:

• Demonstrated experience with the NIST 800-53Rev 4/5 - “Security and Privacy Controls for Federal Information Systems and Organizations” and a deep understanding of how to evaluate potential control implementations for organizational conformance.
• Demonstrated experience implementing NIST SP 800-115 - “Technical Guide to Information Security Testing and Assessment” to include technical computer/network system auditing
• In depth understanding of the FISMA, FISCAM and NIST compliance
• Demonstrated experience implementing Single Sign-on, Access Control List, Ping Federate/ Okta/ OAuth and SAML
• Demonstrated experience in conducting Authorization to Operate (ATO)
• Experience with analyzing vulnerability and penetration testing reports to develop and manage POA&Ms to include risk calculations
• Experience using security tools (Nessus, Burp Suite, Splunk, Security Center, etc.)
• Experience with legacy and new health IT digital architectures including cloud, mobile, IoT, APIs, and AI technologies.
• Demonstrated knowledge of data security administration principles, methods, and techniques
• Requires familiarity with network concepts, user authentication, and digital signatures
• Has thorough knowledge of security principles, concepts, policy, and regulations. 
• Ability to identify risks in security systems and work with technical experts to resolve security issues.
• Ability to obtain a Public Trust clearance

Responsibilities:

• Mature security practices within the Software Development Life Cycle methodology
• Ensure systems and security processes integrate with enterprise programs including Continuous Diagnostics and Monitoring (CDM), and HHS Enterprise Governance, Risk, and Compliance tool(s).
• Conduct cyber security tests, risk evaluations, assessments and present results to leadership
• Guide team in implementing DevSecops methodologies.
• Develop and implement threat models within a risk assessment process to prioritize identified security issues and provide mitigation recommendations to stakeholders
• Develop and maintain security package documentation and artifacts including SSP, POA&M, ISCP
• Provide input on configuration changes and risk recommendations as needed
• Perform root cause analysis to identify gaps and provide technical and procedural recommendations that will reduce the exposure to cyber risks
• Use data collected from a variety of cyber defense tools (e.g., Vulnerability scanning, IDS alerts, firewalls, network traffic logs) to analyze the security posture of information systems
• Support the development and maintenance of security playbook procedures
• Respond to and report incidents related to assigned information systems
• Provide input and/or develop security processes and procedures
• Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
• Provides guidance and work leadership to less-experienced technical staff members.
• Acquires subject knowledge by collaborating with analysts and engineers

WHAT YOU'LL NEED:

• A BA/BS degree (computer science/systems, information systems/technology, engineering/engineering technology, infosec).
• Minimum 7 years of security architecture and compliance experience
• 5 years of relevant security experience may be substituted for education

Desired Skills and Experience

• One or more of the following certifications:
• Certified Information Systems Security Professional (CISSP
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified Data Privacy Solutions Engineer
• Certified Ethical Hacker (CEH)

WHAT GDIT CAN OFFER YOU:

• Full-flex work week
• 401K with company match
• Internal mobility team dedicated to helping you own your career
• Collaborative teams of highly motivated critical thinkers and innovators
• Ability to make a real impact on the world around you