ZipRecruiter
Security Analyst / Information Systems Security Officer (ISSO)
ZipRecruiter, Olympia, Washington, United States
Overview
The Security Analyst / ISSO ensures CMS API Gateway's compliance with FISMA Moderate and ARS 5.1 controls, manages audits, and maintains continuous monitoring and security authorization artifacts.
Core Responsibilities
Oversee implementation of FISMA, NIST 800-53, and ARS 5.1 controls. Support continuous monitoring, vulnerability scans, POA&M management, and reporting. Coordinate with CMS CISO and security teams on ATO documentation. Respond to audits, penetration tests, and incident management activities. Ensure encryption, management (Okta/OAuth2), and TLS configurations meet CMS standards. Conduct risk assessments and security reviews for new APIs and integrations.
Required Experience
7+ years in federal cybersecurity or ISSO roles. Proven experience supporting CMS, HHS, or other FISMA-regulated agencies. Familiarity with ARS 5.1, CMS BPSSM, and FedRAMP Moderate environments. Hands-on knowledge of Splunk, Tenable, and SentinelOne or equivalent tools.
Certifications
CISSP, CISM, or CAP (required). Security+ CE or equivalent baseline (required). AWS Security Specialty or Certified Cloud Security Professional (CCSP).
Location
Work will be primarily onsite in Washington, DC, or other designated sites. Remote work requires prior client approval. Local and occasional out-of-area travel may be required.
Commitment to EEO
eTelligent Group provides equal employment opportunities (EEO) to all applicants without regard to race, color, religion, national origin, genetic information, marital status, amnesty, status as a covered veteran, and any other characteristic provided in accordance with applicable federal, state and local laws.