DNI is providing Network Support to all of the Indian Health Services facilities across the nation. This is a direct hire/salary position with excellent benefits, and outstanding compensation including full medical, dental, 401K, vacation and holiday pay.
As a Security Analyst, you will mature our Security Assessments and Authorization (SA&A) functions which are focused on the agency’s Enterprise Network Infrastructure security assessments, business continuity and accreditation efforts.
As a key participant within a cohesive network engineering team, you will share responsibilities for conducting FISMA-compliant Security Assessments and Authorization (SA&A) and maintaining continuous Approval To Operate (ATO) for the agency’s network infrastructure so it can carry out its mission of supporting healthcare operations.

• Own and maintain System Security Plans (SSP) for the network infrastructure to comply with NIST 800-53.
• Document process flow/secure configuration baselines for network engineers to follow while managing and configuring network infrastructure devices.
• Perform internal compliance audits against controls documented in the SSP’s.
• Review Plan of Action & Milestones (POAM’s) and develop risk mitigations and recommendations for identified security assessment findings.
• Create and maintain Information Security Contingency Plan (ISCP) for the network infrastructure.
• Produce complete, accurate, and timely findings reports using client defined templates.
• Review FedRAMP compliance guidance and apply to the network infrastructure environment.
• Support the agency with FISMA metrics, reporting and work with network engineers to improve compliance levels.
• Support the agency with HWAM CDM reporting and work with network engineers to improve compliance levels.
• Review and analyze needed updates to existing set of security documents (e.g., system boundaries, privacy impact assessments [PIAs], system security plans [SSPs], risk assessments [RAs], memoranda of understanding, interconnection security agreements, contingency plans [CPs], etc.)
• Review vulnerabilities reported on network infrastructure devices and collaborate with network security engineers to review vulnerability scan results.
• Review ongoing updates to Federal security requirements agency templates, federal cybersecurity policy, e.g., Office of Management and Budget (OMB) Memorandum, NIST Special Publications, and FedRAMP.
• Review Federal security requirements/mandates and review new network designs for compliance.
• Participate in the assessment of low, moderate, and high impact information systems to include Cloud services.
• Establish and maintain professional relationships with clients, customers, and team members and escalate issues when necessary.
• BS degree in Computer Science or Information Technology and 5 years' experience in a related field
• Experience performing Certification & Accreditation (C&A), Security Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation.
• Must be able to support the continuous maintenance of the System Security Plan (SSP) which is due annually.
• Experience performing Independent Security Assessment and Reporting (SAR).
• Experience performing Security control assessments as part of Continuous Monitoring NIST SP 800-53 compliance sustainment for application, infrastructure, and network.
• Experience drafting SOPs and technical work instructions including using Microsoft Visio or other topology-related applications.
• Must be able to obtain and maintain an HHS Public Trust clearance.

Preferred Qualifications & Experience

• Degree in Computer Science or Information Technology
• Five years’ experience in Cyber Security field with a focus on Assessment
• Experience with federal regulations and security compliance requirements for civilian federal agencies (FISMA, NIST 800 series, OMB A-130, FedRAMP, etc.)
• Experience conducting security control assessments/audits using NIST SP 800-53, including preparation of complete authorization packages.
• Minimum of one experience conducting FedRAMP Readiness Assessments for FedRAMP cloud environments or knowledge of cloud security.
• Experience with Health & Human Services, Department of the Interior, Department of Veterans Affairs (VA) or healthcare environment
• CompTIA Security ce, Certified Ethical Hacker (CEH), Certified Authorization Professional (CAP), or Certified in Risk and Information Systems Control (CRISC)

Additional Attributes for Success

• Strong written and verbal communication skills.
• The successful candidate will be able to communicate technical subjects effectively in both verbal and written mediums to both technical and non-technical audiences.
• Resourcefulness and problem-solving aptitude.
• Desire to work in a team environment and strong work ethic.