Security Specialist - (178)

Columbia, Maryland, United States

Applications have closed

The Security Specialist II is security focused with assigned responsibility for maintaining the appropriate operational security posture for a federal information system or program with a good understanding of network, infrastructure, and application based security, and has demonstrated experience working with a diverse software development and production support team on Federal enterprise systems.

The Security Specialist II requires hands-on experience evaluating, designing, documenting, implementing, operating, and monitoring security and privacy controls that support the information system security and privacy program.

The Security Specialist II must be skilled in vulnerability scanning tools and assessment techniques, familiar with Federal government security practices, and familiar with creating and reviewing security policies and procedures for testing and system security. Familiarity with NIST SP 800-53 security controls is also required.

Responsibilities:

  • Independently develop a variety of C&A deliverables including: System Security Plans, Information Security Risk Assessments, E-Authentication Risk Analysis, Privacy Risk Assessments, Annual Assessments, Contingency Plans, Incident Response Plans, and FIPS 199 Security Categorizations, etc.
  • Work with programs to ensure security functions are implemented throughout all phases of the SDLC for the program(s) that are under their care.
  • Apply familiarity and experience with security monitoring tools to interpret vulnerability and risk assessment output.
  • Provide Federal Information Security Management Act (FISMA) support and subject matter expertise.
  • Recommend system architecture solutions based on industry best practices and knowledge of Federal and organizational security guidelines.
  • Perform periodic internal audits, vulnerability assessments, and application code testing.
  • Work with developers to support secure coding practices, explain application-related security findings and how to reproduce them, and make sure information security risks are managed throughout all the phases of the SDLC.
  • Use automated tools to perform static source code and dynamic security testing to identify vulnerabilities and attack vectors in web applications.
  • Complete a Security Impact Analysis as part of an agile development organization.
  • Support, implement, maintain, and monitor security and privacy controls in compliance with FISMA, HIPAA, FedRAMP, and NIST RMF requirements and guidance.
  • Plan, document, implement, assess, maintain, and monitor security and privacy controls in accordance with requirements, policies, standards, processes, and procedures documented in the CMS BPSSM, ARS 3.1, TRA, and RMH.
  • Support audits, assessments, and penetration test-related documentation requests and vulnerability remediation efforts.
  • Document and maintain a Plan of Action and Milestones (POA&M) for weaknesses identified in security tests and/or audits.
  • Maintain current knowledge of relevant security and privacy trends and technology.
  • Participate in special projects as required.

Requirements

  • US Citizenship or Permanent Resident status is required to obtain Public Trust Clearance.
  • Must have lived in the United States at least three out of the last five years.
  • 7+ years of IT experience, of which:
    • Three years must be in Security
    • Two years must be in FEDERAL security
  • BS degree in Computer Science or a related field
  • At least one job must include achieving an Authority to Operate (ATO) with PHI and PII data
  • Excellent communication and customer service skills
  • Self-governing time to achieve deadlines and goals as required
  • Hands-on experience with implementing, documenting, maintaining, and monitoring CMS Acceptable Risk Safeguards control requirements
  • Experience in implementing and enforcing policies, procedures, and guidelines in a complex environment
  • Experience assisting with the implementation of an automated CI/CD DevSecOps pipeline
  • Federal Security Compliance – Must be fluent with FISMA, NIST SP800-53, and the Federal systems certification and accreditation process – (Required)
  • Writing Skills – Individual must be experienced in authoring/maintaining security artifacts (e.g., SSP, ISRA/RA, CP, PIA, PTA, SORN, etc.)
  • Experience in the development, implementation, and operation of IT Security Strategy within a complex environment
  • Knowledge and experience with security best practices and relevant legislation
  • Experience with IT Security management, access policy and management, authentication and SSO, authorization, audit, secure communications and network protection, data protection and privacy, and security administration
  • Understanding of and ability to communicate security and risk implications to technical and non-technical audiences
  • Experience working as part of an agile scrum team, assisting with security-related tasks and deliverables associated with bi-weekly sprints
  • Experience using vulnerability scanners such as Nessus
  • Experience running static analysis /static application security testing tools such as SonarQube, Jfrog Xray, or Snyk
  • Proficient in Microsoft Office (Word, Excel, PowerPoint, etc.) and Visio.
  • CISSP Certification (Preferred)
  • Healthcare IT experience (Preferred)
  • Knowledge of Centers for Medicare and Medicaid (CMS) security practices (Preferred)

THIS POSITION REQUIRES RESIDENCY IN MARYLAND OR NORTHERN VIRGINIA and is PARTIAL REMOTE 2 DAYS A WEEK. THIS POSITION IS NOT ELIGIBLE FOR A FULL REMOTE SCHEDULE.

Only individuals with permanent work authorization should apply. Must be able to obtain a Public Trust Clearance. Fully-vaccinated status for COVID-19 is required as a condition of employment. Hiring candidates with a permanent residence within commuting distance to Columbia, MD.


ABOUT NEXT PHASE SOLUTIONS AND SERVICES, INC.

Innovation. It’s What Defines Us.

Next Phase Solutions and Services, Inc. provides insights and solutions for healthcare, engineering, and science research. Next Phase commits to creating an environment where our employees achieve their full potential, increase their productivity, and expand their professional and personal horizons. We look for bright, innovative people who achieve results, understand the importance of being a productive and supportive team member, and put the customer’s satisfaction first. Next Phase leadership is looking for new leaders, scientific and technical subject matter experts, and technically savvy people who are interested in putting forth the effort and commitment needed to grow our company.

Will you join us to share in the success?

Next Phase Solutions and Services, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Benefits

We offer a competitive total compensation and benefits package. Benefits include, but are not limited to:

HEALTH AND WELLNESS BENEFITS

  • Medical Insurance (three healthcare plans to choose from), Dental Insurance, and Vision Insurance
  • Flexible Spending Account (FSA) and Health Savings Account (HSA)
  • Company-sponsored Wellness Program

WELL-BEING PROGRAM

  • Our Well-being programs offer a variety of benefits that support our employees’ physical, financial, and lifestyle wellness. Enjoy walks around a beautiful lake, work out in our on-site gym, grab a healthy snack, enjoy bagel Fridays and lunches, attend yoga, benefit from a hybrid flex schedule, join a Fitbit group or sports team, or get some great financial advice – just to name a few of the well-being program benefits.

PERSONAL INSURANCE BENEFITS

  • Company-paid Life Insurance
  • Company-paid AD&D Insurance
  • Company-paid Short-term and Long-term Disability Insurance

PAID LEAVE

  • Competitive paid-time-off programs
  • Paid holidays
  • Paid Maternity leave for mothers recovering from the birth of a child

RETIREMENT

  • 401K plan with 5% employer contribution (employee contributions are not required to receive 5% employer contribution)

PROFESSIONAL DEVELOPMENT

  • Employees are reimbursed for professional development activities including classes, books, technical certification/testing fees, professional dues/subscriptions, professional licenses required for a position

PET INSURANCE

  • Choose from two options to help keep your pets happy and healthy

$100 EMPLOYEE TECHNOLOGY ALLOWANCE

  • Employees receive a $100/month Technology Allowance to use towards personal mobile phone and Internet plans
