We are GDIT. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country. We ensure today is safe and tomorrow is smarter. Our work has meaning and impact on the world around us, but also on us, and that’s important.
We are looking for a Security Architect to join our team. You will support an essential modernization program for a critically important federal healthcare client. This role requires an energetic individual who wants to enhance their professional career in a fast-paced federal environment. The ideal candidate will be savvy to current Federal and agency-level cyber security policies/mandates and be a proven contributor with experiencing achieving security and compliance objectives within a large, enterprise environment.
At GDIT, people are our differentiator. As a Security Architect supporting the Federal Drug Administration, in this role, a typical day will include:
Demonstrated experience with the NIST 800-53Rev 4/5 - “Security and Privacy Controls for Federal Information Systems and Organizations” and a deep understanding of how to evaluate potential control implementations for organizational conformance.
Demonstrated experience implementing NIST SP 800-115 - “Technical Guide to Information Security Testing and Assessment” to include technical computer/network system auditing
In depth understanding of the FISMA, FISCAM and NIST compliance
Demonstrated experience implementing Single Sign-on, Access Control List, Ping Federate/ Okta/ OAuth and SAML
Demonstrated experience in conducting Authorization to Operate (ATO)
Experience with analyzing vulnerability and penetration testing reports to develop and manage POA&Ms to include risk calculations
Experience using security tools (Nessus, Burp Suite, Splunk, Security Center, etc.)
Experience with legacy and new health IT digital architectures including cloud, mobile, IoT, APIs, and AI technologies.
Demonstrated knowledge of data security administration principles, methods, and techniques
Requires familiarity with network concepts, user authentication, and digital signatures
Has thorough knowledge of security principles, concepts, policy, and regulations.
Ability to identify risks in security systems and work with technical experts to resolve security issues.
Ability to obtain a Public Trust clearance
Mature security practices within the Software Development Life Cycle methodology
Ensure systems and security processes integrate with enterprise programs including Continuous Diagnostics and Monitoring (CDM), and HHS Enterprise Governance, Risk, and Compliance tool(s).
Conduct cyber security tests, risk evaluations, assessments and present results to leadership
Guide team in implementing DevSecops methodologies.
Develop and implement threat models within a risk assessment process to prioritize identified security issues and provide mitigation recommendations to stakeholders
Develop and maintain security package documentation and artifacts including SSP, POA&M, ISCP
Provide input on configuration changes and risk recommendations as needed
Perform root cause analysis to identify gaps and provide technical and procedural recommendations that will reduce the exposure to cyber risks
Use data collected from a variety of cyber defense tools (e.g., Vulnerability scanning, IDS alerts, firewalls, network traffic logs) to analyze the security posture of information systems
Support the development and maintenance of security playbook procedures
Respond to and report incidents related to assigned information systems
Provide input and/or develop security processes and procedures
Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
Provides guidance and work leadership to less-experienced technical staff members.
Acquires subject knowledge by collaborating with analysts and engineers
WHAT YOU'LL NEED:
A BA/BS degree (computer science/systems, information systems/technology, engineering/engineering technology, infosec).
Minimum 7 years of security architecture and compliance experience
5 years of relevant security experience may be substituted for education
Desired Skills and Experience
One or more of the following certifications:
Certified Information Systems Security Professional (CISSP
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Certified Data Privacy Solutions Engineer
Certified Ethical Hacker (CEH)
WHAT GDIT CAN OFFER YOU:
Full-flex work week
401K with company match
Internal mobility team dedicated to helping you own your career
Collaborative teams of highly motivated critical thinkers and innovators
Ability to make a real impact on the world around you
About Our Work
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.