The Health Cybersecurity Analyst conducts threat and vulnerability assessments and determines deviations from acceptable configurations or policies. The successful candidate will assess the level of risk and develop and/or recommend appropriate mitigation countermeasures in operational and non-operational situations. The position may also help test, implement, deploy, and administer the infrastructure hardware, software, and documentation that are required to effectively manage network defense resources.

Additional Responsibilities:

• Analyze organization’s Enterprise Network Defense (END) policies and configurations and evaluate compliance with regulations and organizational directives.
• Conduct and/or support authorized penetration testing on enterprise network assets.
• Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support Enterprise Network Defense (END) audit missions.
• Maintain knowledge of applicable Enterprise Network Defense (END) policies, regulations, and compliance documents specifically related to cyber defense auditing.
• Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
• Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, and supporting infrastructure).
• Assist with the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).

Requirements:
Education: Requires Bachelor degree in Computer Science, Information Systems, Health Information Management, or related field. Licensures: N/A Certifications: Preferred certification as GCIH, CEH.

Experience:
Five (5) plus years experience in an IT and/or healthcare related field.

Skills:
Knowledge of network protocols (e.g., Transmission Critical Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]). Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). Knowledge of PCI DSS v3.1, PII, HIPAA

The Health Cybersecurity Engineer tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware, software, and documentation that are required to effectively manage network defense resources. The successful candidate will also monitor the network to actively remediate unauthorized activities.

Additional Responsibilities:

• Implement Risk Management Framework (RMF)/Security Assessment and Authorization (SA&A) requirements for specialized Enterprise Network Defense (END) systems within the enterprise, and document and maintain records for them.
• Identify potential conflicts with implementation of any cyber defense tools within the Enterprise (e.g., tool and signature testing and optimization).
• Administer test bed(s), and test and evaluate new cyber defense applications, rules/signatures, access controls, and configurations of platforms managed by service provider(s).
• Create, edit, and manage changes to network access control lists on systems (e.g., firewalls and intrusion prevention systems).
• Coordinate identifying, prioritizing, and coordinating the protection of critical enterprise infrastructure and key resources.
• Perform system administration on specialized Enterprise Network Defense (END) applications and systems (e.g., anti-virus, audit and remediation) or Virtual Private Network (VPN) devices, to include installation, configuration, maintenance, backup and restoration.

Requirements:
Education: Requires Bachelor degree in Computer Science, Information Systems, Health Information Management, or related field. Licensures: N/A Certifications: Preferred certification as GCIH/GCIA, CISSP, CASP.

Experience:
Five (5) plus years experience in an IT and/or healthcare related field.

Skills:
Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth). Kknowledge/understanding of networking requirements in a Windows/Linux environment. Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification [RFID], Infrared Networking [IR], Wireless Fidelity [Wi-Fi]. paging, cellular, satellite dishes), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly. Knowledge of PCI DSS v3.1, PII, HIPAA.

The Health Cybersecurity Architect is an operational/technical position, designing and developing system concepts and working on the capabilities phases of the systems development lifecycle. The successful candidate will translate technology and environmental conditions (e.g., laws, regulations, best practices) into system and security designs and processes. This role is the main subject matter expert on information security, with the responsibility to analyze existing and new technologies for their security impact. This role also has to speak for compliance with the HIPAA Security Rule and PCI.

Additional Responsibilities:

• Analyze user needs and requirements to plan system architecture.
• Collaborate with system developers to select appropriate design solutions or ensure the compatibility of system components.
• Define and prioritize essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event.
• Define appropriate levels of system availability based on critical system functions and ensure system requirements identify appropriate disaster recovery and continuity of operations requirements, to include any appropriate fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recovery/restoration.
• Design system architecture or system components required to meet user needs.
• Develop information assurance (IA) designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data (primarily applicable to government organizations.
• Document and address organization’s information security, information assurance (IA) architecture, and systems security engineering requirements throughout the acquisition lifecycle.
• Ensure all definition and architecture activities (e.g., system lifecycle support plans, concept of operations, operational procedures and maintenance training materials) are properly documented and updated as necessary.
• Provide input to the Risk Management Framework (RMF) process activities and related documentation (e.g., system lifecycle support plans, concept of operations, operational procedures, and maintenance training materials).
• Provide advice on project costs, design concepts, or design changes.

Requirements:
Education: Requires Bachelor degree in Computer Science, Information Systems, Health Information Management, or related field. Licensures: N/A Certifications: Preferred certification as CISSP, GSEC, or GCED.

Experience:
Five (5) plus years experience in an IT and/or healthcare related field.

Skills:
Knowledge/understanding of networking requirements in a Windows/Linux environment, Data Loss Prevention systems, and system vulnerability assessment systems. Knowledge of PCI DSS v3.1, PII, HIPAA. Knowledge of the methods, standards, and approaches for describing, analyzing, and documenting an organization’s enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DODAF], Federal Enterprise Architecture Framework [FEAF]).

The Health Cybersecurity Director is a leadership position that oversees and ensures that the appropriate operational security posture (e.g., network and system security, physical and environmental protection, personnel security, incident handling, security training and awareness) is implemented and maintained for an information system or program. The successful candidate advises the Authorizing Official (AO), an information system owner, or the Chief Information Security Officer (CISO) on the security of an information system or program. This role also has responsibility for compliance with the HIPAA Security Rule and PCI.

Additional Responsibilities:

• Advise appropriate senior leadership or authorizing official of charges affecting the organization’s information assurance (IA) posture.
• Collect and maintain data needed to meet system information assurance (IA) reporting.
• Ensure that information assurance (IA) inspections, tests, and reviews are coordinated for the network environment.
• Ensure that information assurance (IA) requirements are integrated into the continuity planning for that system and/or organization(s).
• Ensure that protection and detection capabilities are acquired or developed using the Information system security engineering approach and are consistent with organization-level information assurance (IA) architecture.
• Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
• Evaluate cost-benefit, economic, and risk analysis in decision-making process.
• Participate in information security risk assessment during the Security Assessment and Authorization (SA&A) process.
• Participate in the development or modification of the computer environment information assurance (IA) security program plans and requirements.
• Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
• Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures consistent with the organization’s mission and goals.
• Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate.

Requirements:
Education: Requires Bachelor degree in Computer Science, Information Systems, Health Information Management, or related field. Licensures: N/A Certifications: Preferred certification as GSLC, CISM, GCCC.

Experience:
Eight (8) plus years experience in an IT and/or healthcare related field.

Skills:
Knowledge of Information assurance (IA) principles used to manage risks related to the use, processing, storage, and transmission of information or data. Knowledge of current healthcare industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures, utilizing standards-based concepts, and capabilities. Knowledge of PCI DSS v3.1, PII, HIPAA