Cybersecurity Engineer

GDIT is seeking a Cybersecurity Engineer to support the Indian Health Service PATH EHR system. This role will help deploy and secure a government-owned Electronic Healthcare Record (EHR) system within a cloud environment. The system needs to be deployed with a secure baseline, ensuring system integrity and compliance with healthcare and government regulations while addressing vulnerabilities in interconnected systems.

Our work depends on a Cybersecurity Engineer joining our team to support the Indian Health Service (IHS) Electronic Health Records Modernization (EHRM) program. As a Cybersecurity Engineer supporting the IHS EHRM program, you will be responsible for supporting the Cybersecurity team to ensure secure implementation of the EHR.

This position is fully remote! 

This role requires you to obtain and maintain an in-depth Public Trust Level 5. This investigation will review personal and criminal behavior, financial conduct, foreign influence, as well as other adjudications. 

HOW A CYBERSECURITY ENGINEER WILL MAKE AN IMPACT: 

• Work with engineering teams to ensure secure implementation of the EHR, with a focus on integration with medical devices and systems.
• Support the implementation and maintenance of security controls across Windows, Linux, container environments, and network systems.
• Assist with vulnerability assessments and security scans across systems, including medical devices interfacing with the EHR.
• Collaborate with engineering teams to validate and enforce authentication protocols and access controls, including multi-factor authentication (MFA) and Single Sign-On (SSO).
• Assist in the deployment and monitoring of required security tools and technologies across cloud and on-premises systems.
• Review and trace authentication paths across multi-platform systems to ensure secure data flow, including the review of interconnections and security compliance between medical systems (HL7-MLLP, FHIR, HTTPS).
• Review interface designs and ensure secure connections in compliance with government requirements, DISA Security Technical Implementation Guides (STIGs), and security best practices.
• Review and document system changes for cybersecurity impacts, including any necessary Ports, Protocols, and Services (PPS) adjustments related to firewall rules.
• Provide support for secure network configurations, including ports, protocols, firewall rule sets, and IDS/IPS configurations across the network.
• Document security procedures and assist in training team members on best practices for securing EHR systems and associated IT environments.
• Review interconnection service agreements to ensure all cybersecurity controls are addressed before submission to government authorities.
• Review and ensure security parameters are embedded in ICDs (Interface Control Documents) for the EHR system.
• Compile a PPSM (Ports, Protocols, and Services Management) Master List tied to the EHR to ensure all connectivity is secure and complies with regulations.

REQUIRED QUALIFICATIONS AND EXPERIENCE: 

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• At least 10 years of experience in cybersecurity and engineering roles, specifically in healthcare, government, or related IT environments.
• Intermediate knowledge of networking concepts, including ports, protocols, encryption standards (e.g., TCP/IP, SSL/TLS), and best practices for securing healthcare systems.
• Understanding of system authentication methods, such as multi-factor authentication (MFA) and Single Sign-On (SSO).
• Experience with cloud environments (e.g., AWS, Azure, OCI) and securing cloud-hosted services.
• Experience with securing operating systems, including Windows and Linux, and their respective security configurations.
• Basic knowledge of container technologies (e.g., Docker, Kubernetes) and their security implications in cloud and on-prem environments.
• Ability to analyze interconnected systems and trace data flows for security risks, including medical devices communicating with EHRs.
• Understanding of NIST 800-53 Risk Management Framework, including conducting security assessments and remediating vulnerabilities.
• Familiarity with healthcare data privacy regulations (HIPAA) and implementing required safeguards to protect patient information.
• Strong knowledge of DISA STIGs and best practices for securing government systems.
• Ability to create and maintain PPSM Master Lists for large-scale systems like the EHR to ensure proper security configurations.
• Experience with Interconnection Security Agreements (ISAs) and ensuring cybersecurity requirements are documented and met.
• Proficient in Microsoft Office Suite, specifically Word, Excel, PowerPoint, and Visio. 
•  Must be able to obtain a Public Trust Level 5 clearance.  
• Ability to travel up to 25% of the year, if needed. 

DESIRED QUALIFICATIONS AND EXPERIENCE: 

• Security certifications such as CompTIA Security+ CE, CISSP (Associate), or equivalent.
• Experience in government and healthcare IT environments with compliance requirements and risk management.
• Advanced knowledge of encryption technologies, key management systems, and data protection.
• Familiarity with scripting languages (e.g., PowerShell, Python) for automating security tasks and improving system security.
• Strong skills in writing and reviewing security documentation, including the preparation of Security Assessment Reports (SARs) and change requests.
• Knowledge of zero-trust architecture principles and their implementation in sensitive healthcare systems.
• Experience with implementing and validating DISA STIGs for secure system configuration.
• Experience with container security best practices and securing containerized applications in a cloud environment.
• Understanding of interconnectivity between EHR systems and medical devices and the protocols used (HL7-MLLP, FHIR, HTTPS) to ensure secure communications.
• Experience using tools like Microsoft Visio for designing architectural, network, and data flow diagrams to map out system interactions.

• Proficiency with Adobe Acrobat Professional. 

• Excellent organizational and time management skills; ability to manage frequently changing priorities of competing importance. 

• Ability to communicate and interact effectively with internal/external teams including key stakeholders and customers. 

• Ability to work independently with minimal supervision and within tight deadlines, following detailed written policies, processes, procedures, and work instructions. 

• Ability to produce high-quality documentation that contributes to the overall success of our program. 

#IHSJobs

#GDITFedHealthJobs