SANS ISC: InfoSec Jobs

This listing has expired and therefore is not publicly viewable.

Information Security Consultant
Company ARDX, Inc.
Location US - Remote
Preferred GIAC Certifications GISP
Travel 10%
Salary Not provided
Contact Name Tina James
Contact Email tina.james/at/
Expires 2019-11-21

Job Description

Position Description: Serve as security lead for federal and other ARDX information systems as identified and provide security and compliance monitoring and guidance to the organization. Provide expertise in developing and documenting system security plans, contingency plans, and other security related documents. Lead teams through successful external security audits. Complete Authority to Operate (ATO) security packages. Create and manage plans of action and milestones (POA&M) for the organization.

• Serve as Security Subject Matter Expert (SME) for ARDX and clients
• Perform risk assessments of IT infrastructure and applications and make recommendations for improvements based on client’s stated risk tolerance levels
• Identify, document, track and remediate any system vulnerabilities
• Audit, test, or review system architecture for compliance with best practices and regulatory requirements
• Ensure that all systems meet or exceed the CMS Minimum Security Requirements as defined in the Acceptable Risk Safeguards (ARS)
• Document Plans of Action and Milestones (POA&M) and develop, implement, manage, and track corrective actions as required by CMS
• Manage all security audits and annual security artifact updates
• Manage POA&Ms by creating and documenting new weakness milestones, including all actions required at each milestone to fully remediate the identified weakness
• Support the CMS incident response plans by investigating system security escalations and potential breaches, and track all incidents to resolution
• Thoroughly analyze Security Configuration Checklists to ensure compliance with the CMS Security Configuration Management metrics and the NIST SP 800-70 Rev. 2 checklist program
• Provide ongoing support for the CMS Section 912, FISMA, and SSAE-16 annual audits and remediation efforts
• Provide guidance, knowledge transfer, security awareness, and coaching to team members on IT security protocols
• Assist with penetration testing requirements, including scheduling, remediation tracking, and subsequent submission of findings to the CMS FISMA Controls Tracking System (CFACTS)
• Represent security at CMS Technical Review Boards (TRB) and other client required security related meetings
• Provide hands on participation in the continuous refinement of the Information Security Risk Assessment (ISRA) plan
• Ensure compliance with the required Security Controls and with ISO 9001:2015
• Maintain and improve internal control documents, standard operating procedures (SOPs) and reference guides
• Ensure that an operational contingency plan (CP) is tested and submitted on time each year to meet CMS security requirements
• Effectively manage multiple tasks and work under pressure to meet deadlines
• Represent ARDX as needed at meetings and other forums with a variety of agencies, groups and organizations
• Work with minimal direction to analyze and interpret findings and make recommendations based on them
• Develop and operationalize annual security plan to include timeline for planned activities and resources required to ensure delivery
• Develop and maintain roles, responsibility, and level of effort for security processes
• Serve as ARDX Senior Information Security Officer as assigned
• Perform other duties as assigned

Required Qualifications:
• Bachelor’s Degree in Cyber Security, Information Technology, Business, or related field
• CISSP, CISA, CISM, Security+, GIAC, or similar security certifications preferred
• A minimum of 5 years of experience in the field or related area
• Experience working with CMS Security standards required
• Experience in web-based, legacy and client/server system administration
• Experience with network administration; Linux administration preferred
• Cloud-based architecture experience preferred
• Hands on experience with monitoring, network diagnostics and network analytics tools preferred
• Knowledge of the CMS Expedited Life Cycle (XLC), NIST, ARS, HITRUST or related security guidelines/frameworks required
• Experience completing Authority to Operate (ATO) security packages
• Proven understanding of the FISMA and NIST security standards required
• Experience in Plan of Action and Milestones (POA&M) management or related experience
• Demonstrated experience in configuration and vulnerability scanning and remediation
• Security Technical Implementation Guide (STIG) and Security Configuration Checklist (SCC) background
• Knowledge of the Risk Management Handbook (RMH)
• Strong project management skills
• Experience working in a client facing consulting role required

EOE AA/M/F/Vet/Disability