Own your opportunity to work alongside federal civilian agencies. Make an impact by providing services that help the government ensure the well-being and support of U.S. citizens.
GDIT is seeking a Cybersecurity Analyst to support the Indian Health Service PATH EHR system. This role will help deploy, assess, and secure a government-owned Electronic Healthcare Record (EHR) system within a cloud environment. The system must be deployed with a secure baseline, ensuring system integrity, confidentiality, and availability while maintaining compliance with healthcare and federal cybersecurity regulations and addressing vulnerabilities across interconnected medical and enterprise systems.
GDIT has been supporting the IHS mission for 20+ years, working with the agency to provide integral services to raise health access and availability to 2.6 million American Indians and Alaska Natives. You'll be part of modernizing the EHR platform to enable better data access, patient experience, and quality of care for 567 tribes, 37 states, and over 600 medical facilities.
Our work depends on a Cybersecurity Analyst joining our team to support the Indian Health Service (IHS) Electronic Health Records Modernization (EHRM) program. As a Cybersecurity Analyst supporting the IHS EHRM program, you will be responsible for performing security assessments, analyzing system configurations, identifying vulnerabilities, and ensuring compliance with federal cybersecurity requirements throughout the EHR implementation lifecycle.
This position is fully remote!
This role requires you to obtain and maintain an in-depth Public Trust Level 5. This investigation will review personal and criminal behavior, financial conduct, foreign influence, as well as other adjudications.
HOW A CYBERSECURITY ANALYST WILL MAKE AN IMPACT:
• Conduct security assessments and support Authorization to Operate (ATO) activities under the NIST Risk Management Framework (RMF).
• Analyze security scan results (e.g., ACAS, Nessus, container scans) and track remediation efforts to closure.
• Perform continuous monitoring activities and maintain security documentation to support compliance with NIST 800-53 controls.
• Review and validate secure configurations across Windows, Linux, cloud, container, and network environments.
• Support the assessment of medical device integrations and EHR system interfaces to identify cybersecurity risks.
• Evaluate and document Ports, Protocols, and Services (PPS) requirements and maintain the PPSM Master List for EHR-related systems.
• Review firewall rules, boundary protections, IDS/IPS configurations, and secure network architecture diagrams.
• Assist in reviewing and validating DISA Security Technical Implementation Guides (STIGs) compliance.
• Assess authentication and access control implementations including MFA, SSO, RBAC, and privileged access management.
• Review Interface Control Documents (ICDs) and Interconnection Security Agreements (ISAs) to ensure cybersecurity requirements are met prior to submission.
• Support incident response efforts by analyzing logs, alerts, and security events impacting the EHR environment.
• Develop and maintain security documentation including Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, and change requests.
• Provide cybersecurity recommendations to engineering and architecture teams to mitigate risk across cloud and on-prem environments.
• Assist in ensuring HIPAA and federal data privacy safeguards are implemented to protect patient information.
REQUIRED QUALIFICATIONS AND EXPERIENCE:
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• 3+ years of experience in cybersecurity analysis, assessment, or compliance roles in healthcare, government, or regulated IT environments.
• Experience with Cherokee Native American Culture and Indian Health personnel required.
• Strong knowledge of NIST 800-53 and the Risk Management Framework (RMF), including security control assessments and POA&M management.
• Experience conducting vulnerability assessments and analyzing scan results.
• Knowledge of networking concepts including TCP/IP, ports, protocols, encryption standards (SSL/TLS), and secure network architecture principles.
• Understanding of authentication methods such as MFA, SSO, and identity federation.
• Experience with cloud environments (e.g., AWS, Azure, OCI) and applying security best practices to cloud-hosted services.
• Experience securing Windows and Linux operating systems.
• Familiarity with container technologies (Docker, Kubernetes) and associated security controls.
• Understanding of healthcare data privacy regulations (HIPAA) and federal information security standards (FISMA).
• Experience with DISA STIG validation and remediation.
• Ability to develop and maintain PPS documentation and security artifacts.
• Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Visio).
• Must be able to obtain a Public Trust Level 5 clearance.
• Ability to travel up to 25% of the year, if needed.
DESIRED QUALIFICATIONS AND EXPERIENCE:
• Master's degree strongly preferred.
• Security certifications such as CompTIA Security+ CE, CISSP (Associate or full), CISM, or equivalent.
• Experience supporting federal ATO processes and interacting with Authorizing Officials (AOs).
• Advanced knowledge of encryption technologies, key management systems, and secure data transmission methods.
• Experience with zero-trust architecture implementation in federal healthcare environments.
• Familiarity with scripting languages (PowerShell, Python) to automate security analysis and reporting.
• Experience reviewing and securing healthcare interoperability standards (HL7-MLLP, FHIR, HTTPS).
• Experience supporting large-scale federal EHR implementations or healthcare IT modernization programs.
• Strong analytical and documentation skills with experience producing high-quality cybersecurity artifacts.
• Excellent organizational and time management skills with the ability to manage competing priorities.
• Ability to communicate effectively with engineers, architects, government stakeholders, and medical system owners.
• Ability to work independently within structured federal compliance frameworks.
• Proficiency with Adobe Acrobat Professional.
GDIT IS YOUR PLACE:
• Full-flex work week to own your priorities at work and at home.
• 401K with company match.
• Comprehensive health and wellness packages.
• Internal mobility team dedicated to helping you own your career.
• Professional growth opportunities including paid education and certifications.
• Cutting-edge technology you can learn from.
• Rest and recharge with paid vacation and holidays.
1 + years of related experience
* may vary based on technical training, certification(s), or degree
10-25%
The likely salary range for this position is $68,000 - $92,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
We are GDIT. A global technology and professional services company that delivers technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across over 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, cloud, cyber and application development. Together with our customers, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.
Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc.
Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans