Sr. Security Specialist

CISSP, SSP, FISMA, ARS, NIST
Full Time
Depends on Experience

Job Description

The Sr. Security Specialist shall work closely with the Chief Security Architect, System Architect and Project Manager to plan and design security into the technical solution. The Sr. Security Specialist will be responsible for assuring all CMS security and privacy considerations and requirements are addressed, designing the solution so that it passes the required Adaptive Capabilities Testing (ACT) and maintains the system Authority To Operate (ATO).  

The primary responsibilities of the position include but are not limited to:

  • Supporting incident response
  • Performing security audits such as CMS Adaptive Capabilities Testing (ACT)
  • Performing Web Application Penetration and Continuous Diagnostic Monitoring (CDM) testing
  • Mitigating and/or addressing security-specific vulnerabilities and documenting them via a Plan of Action and Milestones (POA&M)
  • Supporting ad hoc security requests from the customer and program management
  • Providing security impact assessments to system engineers for new and modified architectures

Required Skills:  

  • Experience with NIST and CMS security documentation, including NIST 800-53, NIST 800-63, CMS Acceptable Risk Safeguards (ARS), CMS Risk Management Handbook (RMH) and CMS Federal Information Security Management Act (FISMA) Controls Tracking System (CFACTS).
  • Experience writing and maintaining security related documents, including the System Security Plan (SSP), Contingency Plan (CP), Information System Risk Assessment (IS RA), and the Privacy Impact Assessment (PIA)
  • Familiar with Web Application Penetration Testing tools such as Burp
  • Familiar with Vulnerability Assessment tools such as Nessus
  • Familiar with Information Gathering techniques
  • Familiar with networking concepts such as DHCP, DNS, VLANs, Routing and VPNs
  • Familiar with FISCAM and FedRAMP requirements
  • Understanding of and experience with Agile Development and DevSecOps
  • Knowledge of current as well as emerging security threats
  • Familiar with Microsoft Office Tools (Outlook, Word, Excel, PowerPoint)
  • Capable of obtaining a Level Five: Public Trust security clearance

Desired Skills: 

  • Knowledge of all facets of information security across diverse infrastructure and regulatory environments
  • Familiarity with a variety of security concepts, practices, and procedures
  • Ability to resolve complex support issues by leveraging user forums, support forums, or opening support cases with vendors and following them to closure. Strong ability to find workarounds and alternative approaches
  • CISSP or equivalent security related certification
  • EC-Council Certified Ethical Hacker CEH certification is a plus
  • IACRB Certified Penetration Tester CPT certification a plus

“C-HIT is an equal opportunity employer committed to upholding equal treatment to all staff.  All qualified applicants will receive consideration without regard to their race, color, ethnicity, religion, gender, gender identity, marital status, sexual orientation, age, parental status, national origin, disability status, veteran status, family or genetics background, or any other non-merit based factors.  This commitment extends to all decisions and practices (including recruiting, hiring, promotions, and training) of the entire C-HIT management team.”

Dice Id : 90793297
Position Id : 6672229
Originally Posted : 2 months ago