Information Systems Security Officer I

🕒 Março 26

Candidatar-se

Encontrar Vagas Remotas Similares

Receber Emails de Vagas Remotas

📊 Verifique sua pontuação de currículo para esta vaga

Melhore suas chances de conseguir uma entrevista verificando sua pontuação de currículo antes de se candidatar.

Enviar Currículo

Bellese Technologies

SiteLinkedInTodas as Vagas

51 - 200 funcionários

⚕️ Seguro de Saúde

Healthcare Insurance • Technology • Public Sector Service

Bellese Technologies é uma empresa focada em melhorar a jornada de saúde por meio da inovação cívica. Eles não são apenas um prestador de serviços digitais, mas um parceiro comprometido em apoiar milhões de americanos com soluções de tecnologia cívica. A empresa se orgulha de ser acessível, transparente e confiável, como evidenciado por seu reconhecimento como um dos '20 Provedores de Soluções Tecnológicas Mais Promissores para o Setor Público' pela revista CIO Review. A Bellese enfatiza o design de serviços, gestão de produtos, ciência de dados e engenharia de software, tudo com foco em melhorar a qualidade dos cuidados e a transparência de preços na saúde. Seu trabalho envolve métodos de descoberta de ponta a ponta para criar serviços e produtos digitais que atendam às necessidades de programas, políticas e usuários. A empresa opera com uma abordagem centrada no ser humano e inovadora, garantindo que suas soluções sejam práticas e eficazes, especialmente no setor público de saúde.

Descrição

• (1) SIA Maintenance (Primary Focus): You will proactively identify system changes in HQR and QMARS and document them in a Security Impact Analysis (SIA) to ensure the ATO remains valid. • CFACTS Governance: You will serve as the "Source of Truth" for the system's security posture in CFACTS, managing control implementation statements and evidence. • Audit Defense & Evidence Gathering: You will lead the "Audit Season" efforts, gathering screenshots, logs, and process documentation to prove to CMS auditors that controls are "Effective." • Risk Advising: You will attend sprint ceremonies for HQR (50%) and QMARS (50%) to advise developers on CMS security standards before they build, preventing "security rework" later. • POA&M Life-cycle: You will track security weaknesses from discovery to remediation, ensuring the program meets CMS's strict 30/60/90-day patching windows. • Policy Stewardship: You will ensure all program documentation (Contingency Plans, Incident Response Plans) is reviewed and signed off annually per FISMA requirements.

🎯 Requisitos

• At least 4 years of experience establishing security controls as outlined in the responsibilities section above. • Experience working with two or more from the following: web application development, unix/linux environments, distributed systems, machine learning, developing large scale systems and API services, security software development • Experience with one or more infrastructure scripting languages: Terraform, CloudFormation, Ansible, Chef or Puppet, Kubernetes • Experience implementing two or more cloud-based solutions: global infrastructure, virtual clouds, virtual computing, serverless computing, load balancing and networking, data storage and data streaming, hadoop, map reduce, secured REST-based API endpoints, security • Direct, hands-on experience with CFACTS. (This experience is only available if you hve worked with CMS (Centers for medicare & medicaid) • Proven ability to author Security Impact Analyses (SIA), System Security Plans (SSP), and Privacy Impact Assessments (PIA) specifically under NIST 800-53 Rev 5 and CMS ARS 5.0. • A&A Lifecycle: Experience taking a system through the Assessment & Authorization (A&A) process to achieve or maintain an ATO (Authority to Operate). • Vulnerability Management: Ability to interpret Tenable/Nessus or WebInspect scans to translate technical vulnerabilities into POA&Ms (Plan of Action and Milestones) that developers can understand. • Cloud-Native Compliance: Understanding of how to document security controls for AWS-native services

🏖️ Benefícios

• Remote First, Remote Only Culture • Four weeks paid time off yearly (prorated based on start date for the first year) • 10 paid floating company holidays • Flexible schedule • Work from home setup including a Macbook • Collaborative, learning environment • Medical, dental, and company-paid vision insurance • Optional HSA account with some medical plans and a company contribution • Company paid basic life and AD&D insurance coverages • Company paid short and long term life insurance • Optional critical illness and accident insurance • 401K plan with 3% safe harbor contribution • Wellness resources and virtual care • Perks Plus employee discounts