Senior Security Specialist - (177)

Columbia, Maryland, United States

As a Senior Security Specialist, you will use your knowledge of CMS ecosystems and the application/security environment to take vendors/projects through the ATO process.

The Senior Security Specialist is responsible for maintaining the appropriate operational security posture for a federal information system or program. The role calls for a good understanding of network, infrastructure, and application-based security, and demonstrated experience working with a diverse software development and production support team in Federal enterprise systems.

Responsibilities

  • Independently develop a variety of C&A deliverables including: System Security Plans, Information Security Risk Assessments, E-Authentication Risk Analysis, Privacy Risk Assessments, Annual Assessments, Contingency Plans, Incident Response Plans, and FIPS 199 Security Categorizations, etc.
  • Work with programs to ensure security functions are implemented throughout all phases of the SDLC for the program(s) that are under their care.
  • Familiarity and experience with security monitoring tools and interpretation of vulnerability and risk assessment output.
  • Provide Federal Information Security Management Act (FISMA) support and subject matter expertise.
  • Recommend system architecture solutions based on industry best practices and knowledge of Federal and organizational security guidelines.
  • Perform periodic internal audits, vulnerability assessments, and application code testing.
  • Work with developers to support secure coding practices, explain application-related security findings and how to reproduce them, and make sure information security risks are managed throughout the SDLC phases.
  • Use automated tools to perform static source code and dynamic security testing to identify vulnerabilities and attack vectors in web applications.
  • Complete a Security Impact Analysis as part of an agile development organization.
  • Support, implement, maintain, and monitor security and privacy controls to comply with FISMA, HIPAA, FedRAMP, and NIST RMF requirements and guidance.
  • Plan, document, implement, assess, maintain, and monitor security and privacy controls following requirements, policies, standards, processes, and procedures documented in the CMS BPSSM, ARS 3.1, TRA, and RMH.
  • Support audits, assessments, and penetration test-related documentation requests and vulnerability remediation efforts.
  • Document and maintain a Plan of Action and Milestones (POA&M) for weaknesses identified in security tests and/or audits.
  • Maintain current knowledge of relevant security and privacy trends and technology.
  • Participate in special projects as required.

Requirements

Responsibilities/Requirements/Skills:

  • Preferred: Experience supporting government customers
  • Strong organizational and communication skills
  • Ability to manage multiple tasks and prioritize workload based on the needs of the client
  • Ability to deal with ambiguity and frequent changes in priorities
  • Ability to work with minimal supervision
  • Excellent technical writing skills and proven experience in systems with complex requirements
  • Excellent teamwork and interpersonal skills with the ability to team with others to meet project objectives
  • Understanding of the system development lifecycle as implemented with Agile; SAFe knowledge a plus


THIS POSITION REQUIRES RESIDENCY IN MARYLAND OR NORTHERN VIRGINIA and is PARTIAL REMOTE 2 DAYS A WEEK. THIS POSITION IS NOT ELIGIBLE FOR A FULL REMOTE SCHEDULE.

Only individuals with permanent work authorization should apply. Must be able to obtain a Public Trust Clearance. Fully-vaccinated status for COVID-19 is required as a condition of employment. Hiring candidates with a permanent residence within commuting distance to Columbia, MD.


ABOUT NEXT PHASE SOLUTIONS AND SERVICES, INC.

Innovation. It’s What Defines Us.

Next Phase Solutions and Services, Inc. provides insights and solutions for healthcare, engineering and science research. Next Phase commits to creating an environment where our employees achieve their full potential, increase their productivity, and expand their professional and personal horizons. We look for bright, innovative people that achieve results, understand the importance of being a productive and supportive team member, and put the customer’s satisfaction first. Next Phase leadership is looking for new leaders, scientific and technical subject matter experts, and technically savvy people that are interested in putting forth the effort and commitment needed to grow our company.

Will you join us to share in the success?

Next Phase Solutions and Services, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Benefits

We offer a competitive total compensation and benefits package. Benefits include, but are not limited to:

HEALTH AND WELLNESS BENEFITS

  • Medical Insurance (three healthcare plans to choose from), Dental Insurance, and Vision Insurance
  • Flexible Spending Account (FSA) and Health Savings Account (HSA)
  • Company-sponsored Wellness Program

WELL-BEING PROGRAM

  • Our Well-being programs offer a variety of benefits that support our employees' physical, financial and lifestyle wellness. Enjoy walks around a beautiful lake, work out in our on-site gym, grab a healthy snack, enjoy bagel Fridays and lunches, attend yoga, benefit from a hybrid flex schedule, join a Fitbit group or sports team, or get some great financial advice – just to name a few of the well-being program benefits.

PERSONAL INSURANCE BENEFITS

  • Company-paid Life Insurance
  • Company-paid AD&D Insurance
  • Company-paid Short-term and Long-term Disability Insurance

PAID LEAVE

  • Competitive paid-time-off programs
  • Paid holidays
  • Paid Maternity leave for mothers recovering from the birth of a child

RETIREMENT

  • 401K plan with 5% employer contribution (employee contributions are not required to receive 5% employer contribution)

PROFESSIONAL DEVELOPMENT

  • Employees are reimbursed for professional development activities including classes, books, technical certification/testing fees, professional dues/subscriptions, and professional licenses required for a position

PET INSURANCE

  • Choose from two options to help keep your pets happy and healthy

$100 EMPLOYEE TECHNOLOGY ALLOWANCE

  • Employees receive a $100/month Technology Allowance to use towards personal mobile phone and Internet plans

