Systems Security Specialist Sr

Duties:

• Develop and implement cloud security controls,
  cloud -based processes and tools, and cloud security task automation. 
  
• Perform security assessments, working closely
  with DevOps and Developer teams on identifying security and privacy
  issues in AWS or Azure and finding solutions to provide required functionality
  securely. 
  
• Continuously monitor the Health Benefit
  Exchange (HBX) and ancillary systems, not limited to cloud security operations,
  responding to security issues and escalating as necessary. 
  
• Conduct security impact analysis of controls on proposed
  system changes. 
  
• Conduct cloud security assessments and Penetration
  testing. 
  
• Perform Incident Response and Forensics evaluation using
  security information and event management (SIEM) tools. 
  
• Ensure that the MHBE system security
  requirements are addressed during all phases of the system development life
  cycle. 
  
• Review and update systems security documentation and
  artifacts such as Systems Security Plan, Information Security Risk Assessment,
  Privacy Impact Assessment, Systems Security Report, Correction Action Plan,
  Plan of Action & Milestones (POA&M). 
  
• Create and track POA&M requirements for resolving
  security findings. 
  
• Administer cloud -based and physical firewalls. 
  
• Deploy and administer Identity and Access Management
  products in various operating systems. 
  
• Perform monitoring and operations of Identity and Access
  Management implementation. 
  
• Design enhancements in Identity and Access Management
  products ForgeRock and SailPoint. 
  
• Maintain, monitor, and provide operational support
  for IAM products, computer programs, systems, and other security technologies,
  and revise system design and quality standards. 
  
• Make changes to IAM and underlying applications to
  enhance enterprise security and ensure safe and secure operation to enable
  access to our systems for our employees, contractors, consumers, and
  stakeholders. 
  
• Perform Security Incident Response and Forensics
  evaluation using security information and event management (SIEM) tools. 
  
• Provide operational support for other security
  technologies. 
  
• Perform account/access management with IAM and other
  security tools. 
  

Note: candidate must be flexible to work overtime as
needed, including weekends, holidays, and off -hours.

Education:

• Bachelor's Degree from an accredited college or
  university with a major in Computer Science, Information Systems, Engineering,
  Business, or other related scientific or technical discipline.
  

Minimum
Qualifications:

• A minimum of eight (8) years of experience analyzing,
  defining, deploying, monitoring, and administering security requirements
  and controls for large and mission -critical IT systems.  
  
• A minimum of five (5) years performing day -to -day
  security operations functions, including administration, troubleshooting, and
  resolution of various security components. 
  
• A minimum of four (4) years of hands -on experience in
  performing cloud security functions. 
  
• A minimum of four (4) years of experience in defining
  computer security requirements for high -level applications and evaluating
  approved security product capabilities. 
  
• A minimum of four (4) years
  of demonstrated production experience using AWS Cloud supporting
  security operations. 
  
• A minimum of four (4) years of experience with
  administering security for Windows and Linux operating systems.  
  
• Experience in performing Security Incident Response and
  Forensics evaluation with SIEM tools. 
  
• Working knowledge of AWS security features such as
  Security Groups, Network Access Control List, Firewall, WAF, Guard Duty, Macie,
  CloudTrail, CloudWatch, Control Tower, etc. 
  
• Experience with assessment and evaluation of information
  systems to recommend changes and mitigate threats, risks, and
  vulnerabilities. 
  
• Demonstrated ability to perform scheduled maintenance
  activities such as patching, performance tuning, and backups. 
  
• Demonstrated ability to perform user provisioning and
  de -provisioning activities. 
  
• Experience in monitoring the security
  infrastructure for operational effectiveness. 
  

Preferred
Qualifications:

• A minimum of five (5) years of experience implementing,
  administering, and monitoring Security Controls and Governance for
  public -facing complex IT systems. 
  
• A minimum of five (5) years of specialized experience in
  defining computer security requirements for high -level applications, evaluating
  approved security product capabilities, and developing solutions to multilevel
  security problems. 
  
• A minimum of five (5) years of hands -on experience
  providing operational support for ForgeRock and Sailpoint IAM
  products. 
  
• A minimum of five (5) years of experience with the
  assessment and evaluation of information systems to recommend changes and
  mitigate threats, risks, and vulnerabilities. 
  
• A minimum of five (5) years of experience conducting
  Incident Response testing to evaluate processes for detection, response, and
  reporting of security incidents. 
  
• A minimum of three (3) years of hands -on experience
  designing, developing, deploying, and administering security policies for
  health insurance marketplaces or complex health and human services
  systems. 
  
• Experience configuring ForgeRock to enable single sign -on
  with different applications and implementing password sync across all internal
  applications. 
  
• Experience with configuration and administration of
  SailPoint and performing tasks such as designing an organizational tree
  structure and creating provisioning and de -provisioning policies. 
  
• Experience implementing ID policies, password policies,
  access control lists (ACL), reconciliation, service definition, the
  configuration of remote resources, workflows, password synchronization,
  reconciliation schedules, and life cycle management. 
  
• Experience in providing detailed configuration and
  administration for programs such as ACL configuration, Group Management, and
  configuration management. 
  
• Hands -on experience with troubleshooting, investigating
  operational problems, and providing workarounds, resolutions, and
  remediations. 
  
• Experience developing IT Security roadmaps and execution
  plans. 
  
• Demonstrated technical knowledge of command line
  utilities running on various platforms, including Linux and MS Windows. 
  
• Experience with the implementation of integration
  solutions between the IAM system and user account repositories such as Active
  Directory, LDAP, and Databases. 
  
• Experience with Java, JavaScript, and shell
  scripts. 
  
• Experience assisting organizations meeting NIST
  SP 800 -37, NIST 800 -53, IRS Publication 1075, and MARS -e 2.0
  requirements. 
  
• Experience with conducting vulnerability management and
  penetration testing efforts. 
  
• Experience in configuring and reviewing ASA and/or
  Fortinet firewalls. 
  
• Possess one or more security certifications such as
  CISSP, ISO, CSA STAR Cloud Security Advisor, CCSE, QCS, CNA, VCP, or
  equivalent. 
  
• Experience working with the Project Management Office
  (PMO) processes, policies, and procedures.