Information Systems Security Officer I

🕒 il y a 2 mois

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

Bellese Technologies

Site WebLinkedInTous les Emplois

51 - 200 employés

⚕️ Assurance santé

Healthcare Insurance • Technology • Public Sector Service

Bellese Technologies est une entreprise dédiée à l'amélioration du parcours des soins de santé grâce à l'innovation civique. Elle n'est pas seulement un fournisseur de services numériques, mais un véritable partenaire engagé à soutenir des millions d'Américains avec des solutions technologiques civiques. L'entreprise se distingue par son accessibilité, sa transparence et sa fiabilité, comme le prouve sa reconnaissance parmi les "20 fournisseurs de solutions technologiques les plus prometteurs pour le secteur public" par le CIO Review Magazine. Bellese met l'accent sur la conception de services, la gestion de produits, la science des données et l'ingénierie logicielle, avec un objectif de qualité des soins et de transparence des prix dans le secteur de la santé. Leur travail implique des méthodes de découverte complètes pour créer des services et des produits numériques répondant aux besoins des programmes, des politiques et des utilisateurs. L'entreprise opère avec une approche centrée sur l'humain et innovante, garantissant que ses solutions sont à la fois pratiques et efficaces, notamment dans le secteur public de la santé.

Description

• (1) SIA Maintenance (Primary Focus): You will proactively identify system changes in HQR and QMARS and document them in a Security Impact Analysis (SIA) to ensure the ATO remains valid. • CFACTS Governance: You will serve as the "Source of Truth" for the system's security posture in CFACTS, managing control implementation statements and evidence. • Audit Defense & Evidence Gathering: You will lead the "Audit Season" efforts, gathering screenshots, logs, and process documentation to prove to CMS auditors that controls are "Effective." • Risk Advising: You will attend sprint ceremonies for HQR (50%) and QMARS (50%) to advise developers on CMS security standards before they build, preventing "security rework" later. • POA&M Life-cycle: You will track security weaknesses from discovery to remediation, ensuring the program meets CMS's strict 30/60/90-day patching windows. • Policy Stewardship: You will ensure all program documentation (Contingency Plans, Incident Response Plans) is reviewed and signed off annually per FISMA requirements.

🎯 Exigences

• At least 4 years of experience establishing security controls as outlined in the responsibilities section above. • Experience working with two or more from the following: web application development, unix/linux environments, distributed systems, machine learning, developing large scale systems and API services, security software development • Experience with one or more infrastructure scripting languages: Terraform, CloudFormation, Ansible, Chef or Puppet, Kubernetes • Experience implementing two or more cloud-based solutions: global infrastructure, virtual clouds, virtual computing, serverless computing, load balancing and networking, data storage and data streaming, hadoop, map reduce, secured REST-based API endpoints, security • Direct, hands-on experience with CFACTS. (This experience is only available if you hve worked with CMS (Centers for medicare & medicaid) • Proven ability to author Security Impact Analyses (SIA), System Security Plans (SSP), and Privacy Impact Assessments (PIA) specifically under NIST 800-53 Rev 5 and CMS ARS 5.0. • A&A Lifecycle: Experience taking a system through the Assessment & Authorization (A&A) process to achieve or maintain an ATO (Authority to Operate). • Vulnerability Management: Ability to interpret Tenable/Nessus or WebInspect scans to translate technical vulnerabilities into POA&Ms (Plan of Action and Milestones) that developers can understand. • Cloud-Native Compliance: Understanding of how to document security controls for AWS-native services

🏖️ Avantages

• Remote First, Remote Only Culture • Four weeks paid time off yearly (prorated based on start date for the first year) • 10 paid floating company holidays • Flexible schedule • Work from home setup including a Macbook • Collaborative, learning environment • Medical, dental, and company-paid vision insurance • Optional HSA account with some medical plans and a company contribution • Company paid basic life and AD&D insurance coverages • Company paid short and long term life insurance • Optional critical illness and accident insurance • 401K plan with 3% safe harbor contribution • Wellness resources and virtual care • Perks Plus employee discounts