Senior Security Specialist - (177)
Columbia, Maryland, United States
As a Senior Security Specialist, you will use your knowledge of CMS ecosystems and the application/security environment to take vendors/projects through the ATO process.
The Senior Security Specialist is responsible for maintaining the appropriate operational security posture for a federal information system or program with a good understanding of network, infrastructure, and application-based security and has demonstrated experience working with a diverse software development and production support team in Federal enterprise systems.
Responsibilities
- Independently develop a variety of C&A deliverables including: System Security Plans, Information Security Risk Assessments, E-Authentication Risk Analysis, Privacy Risk Assessments, Annual Assessments, Contingency Plans, Incident Response Plans, and FIPS 199 Security Categorizations, etc.
- Work with programs to ensure security functions are implemented throughout all phases of the SDLC for the program(s) that are under their care.
- Demonstrate familiarity and experience with security monitoring tools and the interpretation of vulnerability and risk assessment output.
- Provide Federal Information Security Management Act (FISMA) support and subject matter expertise.
- Recommend system architecture solutions based on industry best practices and knowledge of Federal and organizational security guidelines.
- Perform periodic internal audits, vulnerability assessments, and application code testing.
- Work with developers to support secure coding practices, explain application-related security findings and how to reproduce them, and make sure information security risks are managed throughout the SDLC phases.
- Use automated tools to perform static source code and dynamic security testing to identify vulnerabilities and attack vectors in web applications.
- Complete a Security Impact Analysis as part of an agile development organization.
- Support, implement, maintain, and monitor security and privacy controls to comply with FISMA, HIPAA, FedRAMP, and NIST RMF requirements and guidance.
- Plan, document, implement, assess, maintain, and monitor security and privacy controls following requirements, policies, standards, processes, and procedures documented in the CMS BPSSM, ARS 3.1, TRA, and RMH.
- Support audits, assessments, and penetration test-related documentation requests and vulnerability remediation efforts.
- Document and maintain a Plan of Action and Milestones (POA&M) for weaknesses identified in security tests and/or audits.
- Maintain current knowledge of relevant security and privacy trends and technology.
- Participate in special projects as required.
Requirements
Requirements/Skills:
- Preferred: Experience supporting government customers
- Strong organizational and communication skills
- Ability to manage multiple tasks and prioritize workload based on the needs of the client
- Ability to deal with ambiguity and frequent changes in priorities
- Ability to work with minimal supervision
- Excellent technical writing skills and proven experience in systems with complex requirements
- Excellent teamwork and interpersonal skills with the ability to team with others to meet project objectives
- Understanding of the system development lifecycle as implemented with Agile; SAFe knowledge a plus
THIS POSITION REQUIRES RESIDENCY IN MARYLAND OR NORTHERN VIRGINIA and is PARTIAL REMOTE 2 DAYS A WEEK. THIS POSITION IS NOT ELIGIBLE FOR A FULL REMOTE SCHEDULE.
Only individuals with permanent work authorization should apply. Must be able to obtain a Public Trust Clearance. Fully-vaccinated status for COVID-19 is required as a condition of employment. Hiring candidates with a permanent residence within commuting distance to Columbia, MD.
ABOUT NEXT PHASE SOLUTIONS AND SERVICES, INC.
Innovation. It’s What Defines Us.
Next Phase Solutions and Services, Inc. provides insights and solutions for healthcare, engineering and science research. Next Phase commits to creating an environment where our employees achieve their full potential, increase their productivity, and expand their professional and personal horizons. We look for bright, innovative people that achieve results, understand the importance of being a productive and supportive team member, and put the customer’s satisfaction first. Next Phase leadership is looking for new leaders, scientific and technical subject matter experts, and technically savvy people that are interested in putting forth the effort and commitment needed to grow our company.
Will you join us to share in the success?
Next Phase Solutions and Services, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
Benefits
We offer a competitive total compensation and benefits package. Benefits include, but are not limited to:
HEALTH AND WELLNESS BENEFITS
- Medical Insurance (three healthcare plans to choose from), Dental Insurance, and Vision Insurance
- Flexible Spending Account (FSA) and Health Savings Account (HSA)
- Company-sponsored Wellness Program
WELL-BEING PROGRAM
- Our Well-being programs offer a variety of benefits that support our employees' physical, financial, and lifestyle wellness. Enjoy walks around a beautiful lake, work out in our on-site gym, grab a healthy snack, enjoy bagel Fridays and lunches, attend yoga, benefit from a hybrid flex schedule, join a Fitbit group or sports team, or get some great financial advice, just to name a few of the well-being program benefits.
PERSONAL INSURANCE BENEFITS
- Company-paid Life Insurance
- Company-paid AD&D Insurance
- Company-paid Short-term and Long-term Disability Insurance
PAID LEAVE
- Competitive paid-time-off programs
- Paid holidays
- Paid Maternity leave for mothers recovering from the birth of a child
RETIREMENT
- 401K plan with 5% employer contribution (employee contributions are not required to receive 5% employer contribution)
PROFESSIONAL DEVELOPMENT
- Employees are reimbursed for professional development activities, including classes, books, technical certification/testing fees, professional dues/subscriptions, and professional licenses required for a position
PET INSURANCE
- Choose from two options to help keep your pets happy and healthy
$100 EMPLOYEE TECHNOLOGY ALLOWANCE
- Employees receive a $100/month Technology Allowance to use towards personal mobile phone and Internet plans