Request ID: EPC-8305-1 (98490820)
Security Architect (Security+/ISC(2)/ISACA/SANS GIAC) with networking, compliance tools, data protection schemes, access models, eGRC, FISMA, NIST, CMS MARS-E, HIPAA, healthcare/HIT experience and Cisco/VMware/Microsoft certification
Location: Columbia SC
Duration: 12 months
Remote Work Availability: 25%
REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
1. 3+ years of HANDS-ON experience in network design, implementation and support
2. Deep technical knowledge of secure system design principles, security architecture, network and system compliance tools, data protection schemes and access models.
PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
1. Prior experience in working with any eGRC systems.
2. Prior Health Information Technology experience.
3. Strong working knowledge of FISMA, NIST, CMS MARS-E and HIPAA Security and Privacy.
1. BS degree in computer science or similar discipline. Equivalent experience will be considered for candidates with strong HANDS-ON experience.
2. Security+ or equivalent certification is required
1. ISC(2), ISACA, SANS GIAC and/or other Information Security Certification.
2. Microsoft, Cisco, VMware or other similar certifications will be considered a plus
Education | Bachelor’s degree in a technical or business field | Yes | 1 | Lead | Currently Using | 1 – 2 Years
Education | Technical Certifications | Yes | 1 | Lead | Currently Using | 1 – 2 Years
Miscellaneous | Demonstrated knowledge/skills of the IT industry which includes: multi-tiered architectures, enterprise applications, evaluation of emerging technologies, networks, data management systems and hardware systems. | Yes | 1 | Advanced | Within 6 Months | 2 – 4 Years
MMIS – Medicaid Management Information System | IT Healthcare Systems | No | 1 | Advanced | Within 6 Months | 2 – 4 Years
Network Security | Security – Knowledge in networking, databases, systems and Web operations | Yes | 1 | Advanced | Currently Using | 2 – 4 Years
Network Security | Federal Information Security Management Act (FISMA) | No | 1 | Intermediate | Within 2 Years | 1 – 2 Years
Network Security | HIPAA Security | No | 1 | Intermediate | Within 2 Years | 1 – 2 Years
Network Security | MARS-E | No | 1 | Intermediate | Within 2 Years | 1 – 2 Years
Network Security | Security Information Event Management (SIEM) systems development / configuration | No | 1 | Advanced | Within 6 Months | 2 – 4 Years
Networking & Directories | Network security | Yes | 1 | Advanced | Currently Using | 2 – 4 Years
Specialties | Network Engineering experience | Yes | 1 | Advanced | Currently Using | 2 – 4 Years
Specialties | eGRC solutions | No | 1 | Intermediate | Within 2 Years | 1 – 2 Years
Specialties | NIST Security | No | 1 | Intermediate | Within 2 Years | 1 – 2 Years
SCOPE OF THE PROJECT:
The Office of Information Assurance is tasked with ensuring Agency information systems and assets are functioning in a secure, compliant manner. A strong candidate for this position should possess HANDS-ON experience in the following:
• Server and network infrastructure administration
• Secure application development and integration
• Secure system design and engineering
• Strong understanding of authentication, authorization and auditing
DAILY DUTIES / RESPONSIBILITIES:
This is a HANDS-ON Role
The Security Architect – Advanced will report to the Office of Information Assurance, operate as an experienced consultant, and may have opportunities to work with Agency leadership, business units, business partners and vendors.
HANDS-ON experience with any or all of the following technologies would be considered desirable for this position:
• System/Infrastructure Administration
• VMware NSX, HCI, or similar
• Secure System Design – infrastructure hardening and secure application and database (SQL, Oracle, NoSQL, etc.) security, development, deployment and management
• DevOps security integration
• System and application security continuous monitoring expertise utilizing tools such as Nessus, Saint, Qualys, etc.
• Security Information and Event Management (SIEM) solutions such as QRadar, Splunk, etc.
• IBM System 390/zSeries
• Linux and Windows servers
• Identity and Access Management (IAM) solutions
• Cloud service and vendor integration
Security Program Experience:
Experience with CMS MARS-E or other FISMA Risk Management Framework (RMF) compliant programs is not required, but may be considered desirable in the event that strong parity in technical skills is identified in multiple candidates.
Experience with development and integration of Security tasks and artifacts into the System/Software Development Life Cycle (SDLC) is ideal.
Experience in security as related to multi-tenant, cloud services and vendor interface management would be desirable for this position.
General Duties and Responsibilities:
1. Assist (and often lead) in the design, development, implementation and/or ongoing maturation of Agency network security and compliance solutions
2. Provide HANDS-ON support of Agency Systems and Software
3. Participate in audit and assessment of internal agency systems as well as business partner/service provider information systems.
4. Utilize Microsoft Office software suite, eGRC system, Bizagi, Atlassian and other products to document and report on information gathered during Audit and Assessment activities or other OIA efforts.
5. Participate in third-party audits and/or assessments of agency and business partner systems
6. Collaborate with agency leadership, business partners and other parties/stakeholders to provide recommendations for security and compliance risk mitigation efforts.