- US citizen or authorized to work in the US, and resident in the US for 3 of the last 5 years. Must be able to obtain a U.S. Federal government client badge and pass a government Public Trust background investigation.
- Bachelor’s degree and 15 years of overall Security-related work experience
- 3–5 years supporting security initiatives at HHS or other government agencies (CMS preferred) or related experience in security compliance using NIST Risk Management Framework.
- 5 years of experience in at least one of the following areas: knowledge of current security tools, hardware/software security implementation, communication protocols, and/or encryption techniques/tools
- CISSP certification required.
- Hands-on experience with implementing, documenting, maintaining, and monitoring NIST, HIPAA, and FedRAMP control requirements
- Hands-on experience leading project teams through Security Controls Assessment/Adaptive Control Testing, Security Impact Assessments (SIA), TRB gate reviews and CMS ATO packaging with contracts at CMS/or other agencies
- Working knowledge of DevSecOps principles (such as CI/CD, test automation etc.), process automation and tools
- Experience evaluating DevSecOps tools such as AWS CI/CD services, New Relic, Splunk, Git, CloudBees Jenkins, Docker/OpenShift, SonarQube/Fortify/Nessus, LaunchDarkly, etc., for security risk and compliance
- Knowledge of CMS Acceptable Risk Safeguards (ARS), FISMA compliance (and CFACTS), FedRAMP and NIST security guidance and publications, HIPAA, and related privacy and compliance regulations
- Hands-on experience with implementing, documenting, maintaining, and monitoring CMS Acceptable Risk Safeguards control requirements
- Experience in implementing and enforcing policies, procedures, and guidelines in a complex environment
- Experience assisting with the implementation of an automated CI/CD DevSecOps pipeline
- Experience driving ATOs, including the privacy controls specified in NIST SP 800-53 Rev. 5
- Experience in the development, implementation, and operation of IT Security Strategy within cloud environments
- Knowledge and experience with security best practices and relevant legislation
- Experience with IT security management, access policy and management, authentication and SSO, authorization, audit, secure communications and network protection, data protection and privacy, and security administration
- Understanding of and ability to communicate security and risk implications to technical and non-technical audiences
- Experience working as part of an agile scrum team, assisting with security-related tasks and deliverables associated with bi-weekly sprints
- Experience using vulnerability scanners such as Nessus
- Experience running static analysis/static application security testing tools such as SonarQube, Fortify or Veracode
- Experience running dynamic application security testing tools such as WebInspect, AppScan, Qualys, Burp Suite Pro or OWASP ZAP
- Experience with GRC tools, such as CSAM, CFACTS, TAF, or Xacta
- Proficient in Microsoft Office (Word, Excel, PowerPoint, etc.), Project and Visio
- Experience securing cloud-based environments such as AWS and Azure Cloud environments
- Excellent interpersonal, verbal, and written communication, and organizational skills
- Ability to communicate fluently in English both verbally and in writing
- Extremely factual and data-oriented
- Able to meet deadlines with success
- Strong persuasion, facilitation and influencing skills
- Self-driven.
- Strong analytical, organizational, and project management skills
- Demonstrated ability to lead and work with cross-functional teams including senior level individuals
- Ability to thrive in a fast-paced, rapidly evolving environment with shifting priorities and a team-building culture
The salary range provided represents the estimated compensation for new hires in this position, applicable across all locations. Actual offers may vary based on factors such as the candidate's skills, qualifications, experience, and market conditions. Index complements its base salary offering with a competitive package that includes health and retirement benefits, discretionary bonuses, and reimbursement for professional development opportunities.
Index Analytics provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Attention Candidates
We're dedicated to ensuring a safe and transparent recruitment process for all candidates and have implemented robust measures to protect your personal information. Please be aware that all employment-related communications will originate from a secure portal (NAME@msg.paycomonline.com) or a corporate email address (NAME@index-analytics.com). If you have any concerns, please don't hesitate to reach out to us at recruiting@index-analytics.com