USA InfoTech is looking to hire a senior security engineer to support our federal contract. This position can be remote or hybrid.
ROLE & RESPONSIBILITIES:
• Create/Update all client security deliverables (SSP, CP, ISRA, SIA, POA&M, etc.)
• Work with team members to ensure security functions are implemented for the program(s) that are under their care.
• Act as a trusted advisor for security matters for their programs and provide training on security items when needed.
• Act as a bridge between client security teams and project teams to close the gap between compliance and technical security issues on both teams.
• Ensure proper security testing occurs and manage the vulnerability process in the scope of the program.
• Translate technical security findings (pen tests, CSRAP, Fortify, SonarQube, SNYK, Tenable, etc.) to practical issues, and guide teams to appropriate preventative and corrective action.
• Review program procedures and outputs and implement corrective action when needed.
• Act as a liaison for the program to client security teams.
• Support corporate security as needed.
REQUIRED EXPERIENCE:
• Experience in multiple aspects of FISMA, 5+ years
• Experience working in CMS/HHS environments, 5+ years
• Experience in an agile CI/CD development environment with a focus on the testing and assessment functions (technical assessment and understanding of dev/sec/ops)
• Ability to participate in proposal development and ancillary activities (e.g., Oral Prep)
• Experience in Agile development and operations support, with respect to FISMA SP 800-53 guidelines
• Excellent writing and communication skills
• Experience in understanding and accurately interpreting security reports
• Experience in managing an audit for a program (CSRAP/ACT, A-123, IRS 1075, etc.)
• Experience with cloud-based systems (e.g., AWS, Salesforce)
• Experience in creating and maintaining the deliverables for an Authority to Operate (ATO)
• Experience in performing application-level testing (CP functional and tabletop testing required).
• Experience in performing risk and security assessments (RA & SA).
• Experience running meetings and holding team members to deadlines.
• Travel to Columbia, MD for meetings as required
PREFERRED EXPERIENCE:
• 10 years with privacy (PII) and data (ePHI/PHI) protection
• Project management, customer-facing reporting and etiquette
• Dynamic and Static code testing and analysis
EDUCATION & CERTIFICATIONS:
• 8+ years of experience in the required skill set (note: CISSP requires 5 years in the required skill sets).
• CISSP required (note that CASP, CISM, and GSEC do not qualify).
• Bachelor’s Degree
How To Apply:
Send your resume to jobs@usainfotech.com