Index Analytics LLC

Information System Security Officer - Contingent

Index Analytics LLC, Milford Mill, Maryland, United States


Overview

Index Analytics, LLC, is a rapidly growing, Baltimore-based small business providing health-related consulting services to the federal government. We are committed to a dynamic, employee-friendly work environment with career development and educational opportunities.

Responsibilities

- Provide cybersecurity support for contract-supported organizations, programs, systems, or enclaves
- Provide direction and guidance for the security posture of contract-supported federally owned systems, including policy creation, security training, and processes that impact or improve security
- Assist project teams in compiling documentation for CSRAP, SCA/ACT, SIA, and ATO prior to project implementation; support ongoing security requirements
- Collaborate with federal agency ISSOs to monitor and track security operations in CFACTS and drive remediation of security findings
- Provide security guidance on solution implementation and assess CMS TRA or NIST documentation for best practices and compliance
- Work with developers to support secure coding practices, research application-related security findings, and manage information security risks throughout all SDLC phases
- Use automated tools to perform static and dynamic security testing of source code to identify vulnerabilities in web applications
- Support proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies
- Maintain the operational security posture of information systems or programs and ensure policies, standards, and procedures are established and documented
- Assist program and project managers with day-to-day security operations for secure development and engineering of information systems
- Evaluate security solutions against security requirements for processing sensitive and/or protected information
- Perform vulnerability and risk assessments to support validation and accreditation activities of contract-supported federally owned IT systems
- Maintain configuration management for information system security software, hardware, and firmware
- Document changes to the information system and assess the security impact of those changes
- Prepare and review documentation such as SSPs, Risk Assessment Reports, A&A packages, and SRTMs for contract-supported federally owned IT systems
- Support security authorization activities in compliance with HHS, CMS, and FDA requirements
- Complete a Security Impact Analysis as part of each sprint within an agile development organization
- Support, implement, maintain, and monitor security and privacy controls in compliance with FISMA, HIPAA, FedRAMP, and NIST RMF requirements; knowledge of CMMC 2.0 is a plus
- Plan, document, implement, assess, maintain, and monitor security and privacy controls in accordance with CMS guidelines and RMF requirements
- Develop CFACTS/FISMA package deliverables including SSPs, risk assessments, and other security-related plans and procedures
- Assist with audits, assessments, and penetration testing documentation requests and vulnerability remediation efforts
- Document and maintain a Plan of Action and Milestones (POA&M) for weaknesses, vulnerabilities, and risks
- Recommend engineering best practices and apply federal security guidelines for secure architecture solutions
- Conduct periodic internal audits, vulnerability assessments, and web application security testing
- Maintain knowledge of current security, technology, and privacy trends

Qualifications

- US citizen or authorized to work in the US; able to obtain a U.S. federal government client badge and pass a government Public Trust background investigation
- Bachelor’s degree and 15 years of overall security-related work experience
- 5-10 years supporting security initiatives at HHS or other government agencies (CMS preferred), or related experience in security compliance using NIST RMF
- 5 years of experience in at least one of the following areas: security tools, hardware/software security implementation, communication protocols, and/or encryption techniques/tools
- CISSP certification required
- Hands-on experience implementing, documenting, maintaining, and monitoring NIST, HIPAA, and FedRAMP security controls
- Experience leading project teams through Security Controls Assessment/Adaptive Control Testing (SCA/ACT), SIA, TRB gate reviews, and CMS ATO packaging
- Working knowledge of DevSecOps principles and related tooling
- Experience evaluating DevSecOps tools for security risk and compliance
- Knowledge of CMS ARS, FISMA, CFACTS, FedRAMP, the NIST SP 800 series, HIPAA, and related privacy/compliance regulations
- Experience with CMS Acceptable Risk Safeguards (ARS) and risk management
- Experience implementing and enforcing policies and guidelines in a complex environment
- Experience helping implement automated CI/CD DevSecOps pipelines
- Experience driving ATOs with NIST SP 800-53 Rev. 5 controls
- Experience developing and operating IT security strategy in AWS cloud environments
- Knowledge of security best practices and relevant legislation; strong communication skills
- Ability to communicate security and risk implications to technical and non-technical audiences
- Experience in agile environments, assisting with security tasks in bi-weekly sprints
- Experience with vulnerability scanners (e.g., Nessus) and SAST/DAST tools (e.g., SonarQube, Fortify, Veracode, WebInspect, AppScan, Qualys, Burp Suite, OWASP ZAP)
- Experience with GRC tools such as CSAM, CFACTS, TAF, or Xacta
- Proficient in Microsoft Office, Project, and Visio; experience securing AWS
- Strong interpersonal, verbal, and written communication skills; ability to work independently and meet deadlines
- Ability to lead and work with cross-functional teams and thrive in a fast-paced, evolving environment

Note

This description is intended to reflect the role as described and may be subject to change.

Equal Employment Opportunity

Index Analytics provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type.
