Previous Job
Security Analyst CMS
Ref No.: 18-01060
Location: Chantilly, Virginia
Position Type:Contract
Start Date: 02/06/2018
Client: CMS (Center for Medicare & Medicaid Services)
Role: Security Analyst
Location: Woodlawn, MD
Duration: Full Time

Required/Must have Skills/Experience:
· Must have 5 years of experience in the system security role
· Prior Health IT experience with CMS or HHS
· Experience working on Big Data projects or Health Insurance Market Place projects
· Functional knowledge of CMS IT XLC (Expedited Life Cycle), MIDAS (Multidimensional Information Data Analytics System), ACA (Affordable Care Act), Health Insurance Portability and Accountability Act (HIPPA)
· Prior experience in working with Big Data, AWS, Data Warehousing environments
· Prior experience/knowledge of HHS Information Systems Security and Privacy Policy (IS2P), HHS Privacy Program, CMS Information Systems Security and Privacy Policy (IS2P2), CMS Acceptable Risk Safeguards, and CMS/HHS CIO Policies, Standards, Memoranda, and Guides
· Experience monitoring security activities that identify external or internal violation and support actions required to address any violation
· Experience obtaining and maintaining any Information Systems Security Officer (ISSO) appointment documentation
· Experience providing security-related and privacy-related subject matter expertise
· Experience supporting system authorization package process and activities
· Experience providing both regular and ad-hoc security-related reports
· Experience coordinating security and privacy activities with approved third-parties like CISO, Network Operations Center (NOC), etc
· Experience performing and supporting both regular and ad hoc security and privacy compliance and vulnerability assessments, test, and scans
· Experience performing security and privacy impact analyses throughout every stage of the systems development lifecycle (including when new requirements are proposed, whenever any change/enhancement/fix is planned for the system, or whenever any other factor might impact security control effectiveness – such a change in Configuration Management processes);
· Experience developing a Corrective Action Plan (CAP) to address each identified system weakness, estimating and reporting completion dates and any associated cost or time requirement to implement the corrective action, and recording, reviewing, and regularly updating a corresponding Plan of Action and Milestones (POA&M) addressing the weakness, in accordance with CMS policies and procedures (e.g. CFACTS)
· Experience performing Vulnerability Scans on servers that house the system
· Experience performing Security Risk Assessment and System Security Plan
Preferred Skills/Experience:
· Experience conducting audit collection and assessments on multiple systems
· Experience coordinating IS security inspections, tests, and reviews
· Experience preparing and maintaining security assessment and authorization documentation
· Experience providing continuous monitoring to enforce client security policy and procedures and create processes that will provide oversight into the following activities for the system owner
Familiarity with Technologies/Tools:
· AWS, Redshift Spectrum, RDS, Aurora, Apache Spark, Scala, Python, XML, Java, JSON, SQL, S3, ETL
· AWS Athena, QuickSight, Glue, Redshift, Apache NiFi, Apache Jupyter, AWS S3