Type of Requisition: Regular
Clearance Level Must Be Able to Obtain: None
Public Trust/Other Required: None
Job Family: Information Security
At GDIT, people are our differentiator. We are seeking an Information Security Analyst to join our team to support Centers for Medicare & Medicaid Services (CMS) activities at Windsor Mill, MD. As an Information Security Analyst supporting a CMS contract, you will work with a security team to analyze, enforce and document the program's compliance to the CMS Acceptable Risk Safeguards (CMS ARS). This effort includes implementing and maintaining these security safeguards designed to minimize the CMS security risk and protect confidentiality, integrity, and availability of sensitive data, including privacy information.
This is a more entry level position and part of a slightly larger Information Security team responsible for establishing and maintaining a high security posture for a critical Federal Information System. Our team's security responsibility includes, but not limited to, developing IT security strategy and architecture, establishing security operations and monitoring, implementing risk and vulnerability management processes, remediating weaknesses, conducting audits and assessments, maintaining all manner of IT security documentation, managing access, and enforcing Federal and Organizational policies.
**Ability to pass CMS background check and meet the residency requirement for having resided in the US at least three out of the last five years.
In this role, a typical day will include:
Provide support to and participate in the conduct of continuous security monitoring activities. (Nessus security scanning and reporting).
Analysis, assessment, and response to anomalous activity in support of security events and incident response.
Develop and maintain security documentation required to maintain an authority to operate.
Develop and maintain Standard Operating Procedures (SOPs) related to security related activities.
Coordinate and collaborate with technical subject matter experts (SMEs) to ensure ongoing system security as part of development efforts and special projects.
RESPONSIBILITIES:
Develop system security documentation in support of authorization and continuous monitoring under the CMS ARS requirements.
Coordinate with Data Owners, System Administrators, infrastructure personnel, and developers for security relevant changes to System Security Plans (SSPs).
Monitor/maintain SSPs for hardware and software changes to the FISMA system.
Ensures systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the CMS ARS.
Review audit events for information systems (Splunk) and address events/incidents that occur with stakeholders.
Maintains records, outlining required patches/system upgrades that have been accomplished throughout the information system's life cycle.
Create and maintain Plan of Action and Milestones (POAM) as required.
Coordinate Nessus/Tenable Security Center scans, reporting and maintenance.
Participates and leads in internal and external security audits/inspections (ACTS and Penetration.
Evaluates proposed changes or additions to the information system through SIAs and advises the (ISSO) of their security relevance.
Implements, enforces, communicates and develops security policies or plans for data, software applications, hardware, telecommunications and information systems security education/awareness programs.
Ensure compliance with regulations and privacy laws.
REQUIRED QUALIFICATIONS:
Bachelor's Degree in Information Systems, Business, Computer Science, Engineering, or a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience.
2+ years relevant work experience as an Information Security Analyst and has direct experience with CMS.
Familiarity with Nessus or Tenable Security Center.
Security+ and/or Network+ certification.
Candidate MUST be a US Citizen to be Considered for this Position.
Position is 100% Telework.
DESIRED QUALIFICATIONS:
Knowledge of general computing technologies (Windows Server, Linux, databases, TCP/IP network stack, scripting languages, etc.)
Experience with troubleshooting and analysis of security or information technology issues.
Information Assurance and/or Cybersecurity educational coursework completed.
Familiarity with Splunk or similar SIEM tool.
Thorough understanding of NIST 800-53.
Experience with creating and reviewing documentation such as SOPs and policies.
ATTRIBUTES FOR SUCCESS:
Strong analytical and organizational skills.
Excellent verbal and written communication skills.
Ability and comfort level to conduct presentations for existing customer audiences.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.