Security - Security Engineer

4 days ago Be among the first 25 applicants

Get AI-powered advice on this job and more exclusive features.

Location: Remote

• Experienced Security Engineer with 5+ years of experience conducting security assessments for complex systems and applications.
• Past experience supporting CMS and/or HHS security requirements, including obtaining and maintaining ATO, performing full and 1/3 security assessments, and knowledge of CFACTS.
• Expert knowledge of FISMA, NIST, HIPAA, ARS, CMS OIS policies and standards, and best practices for CMS applications.
• Security testing skills, including knowledge of application architecture, code, SDLC.
• Excellent communication skills (verbal and written).
• Tools: Portswigger BurpSuite, QualysGuard, HP Fortify, JAVA.

• Provide expert analysis and review to ensure systems supported by SCG comply with CMS and HHS security requirements, including NIST, FISMA, HIPAA, ARS, and CMS policies and standards.
• Guide and assist development teams in obtaining Authorization to Operate (ATO) for new applications.
• Perform Annual and On Demand ACT Security Assessments, including developing and executing test plans, interviewing stakeholders, documenting findings, and uploading information to CFACTS.
• Create POAMs in CFACTS for all security findings, monitor and update until issues are resolved.
• Advise CMS and HHS on security requirements throughout SDLC.
• Support transitions from current CFACTS and ARS Control versions to higher versions.
• Create and maintain system security documentation (SSP, ISRA, SDD, etc.).
• Perform security risk analysis and recommend mitigation solutions.
• Serve as a trusted security advisor to CMS/HHS and project stakeholders.

Quadrant, Inc. is an equal opportunity and affirmative action employer. We are committed to a diverse and inclusive workplace.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Other
• Industries: IT Services and IT Consulting