Request ID:IN-8551-1 (98490123)
Security Analyst with HIPAA, NIST, MARS-E, SIEM, UNIX, Windows, Linux, MacOS, Cisco, Juniper, web apps, databases,IAM and FISMA Experience
Location:Columbia, SC
Duration:12 Months
REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
3+ years of HANDS-ON experience in network design, implementation and support
Deep technical knowledge of secure system design principles, security architecture, network and system compliance tools, data protection schemes and access models.
PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
1.Prior experience in working with any eGRC systems.
2.Prior Health Information Technology experience.
3.Strong working knowledge of FISMA, NIST, CMS MARS-E and HIPAA Security and Privacy.
REQUIRED EDUCATION/CERTIFICATIONS:
1.BS degree in computer science or similar discipline. Equivalent experience will be considered for
candidates with strong HANDS-ON experience.
2.Security+ or equivalent certification is required
PREFERRED EDUCATION/CERTIFICATIONS:
1.ISC(2), ISACA, SANS GIAC and/or other Information Security Certification.
2.Microsoft, CISCO, VMWare or other similar certifications will be considered a plus
Experience
Cloudcloud platforms / environmentsNo1LeadWithin 1 Year4 – 6 Years
EducationTechnical CertificationsYes1LeadCurrently Using4 – 6 Years
EducationBachelor’s degree in a technical or business fieldNo1LeadCurrently Using4 – 6 Years
MiscellaneousDemonstrated knowledge/skills of the IT industry which includes: multi-tiered architectures, enterprise applications, evaluation of emerging technologies, networks, data management systems and hardware systems.Yes1ExpertWithin 1 Year4 – 6 Years
MiscellaneousExperience in designing and implementing enterprise level systems architectures.Yes1ExpertWithin 1 Year4 – 6 Years
Network SecuritySecurity – Knowledge in networking, databases, systems and Web operationsYes1ExpertWithin 1 Year4 – 6 Years
Network SecurityFederal Information Security Management Act (FISMA)No1IntermediateWithin 1 Year4 – 6 Years
Network SecurityHIPAA SecurityNo1IntermediateWithin 1 Year4 – 6 Years
Network SecurityMARS-ENo1IntermediateWithin 1 Year4 – 6 Years
Network SecuritySecurity Information Event Management (SIEM) systems development / configurationNo1AdvancedWithin 1 Year4 – 6 Years
Network SecuritySECURITY TOOLS – Ability to install and use various security toolsNo1AdvancedWithin 1 Year4 – 6 Years
Networking & DirectoriesExperience with UNIX, Windows, Linux, MacOS, Cisco, Juniper, web apps, databases, strong authentication, operating systems and network security protocols and procedures.No1LeadWithin 1 Year4 – 6 Years
Networking & DirectoriesIdentity Access Management (IAM)No1LeadWithin 1 Year4 – 6 Years
SpecialtiesConduct research into infrastructure issues and productsNo1LeadWithin 1 Year4 – 6 Years
DAILY DUTIES / RESPONSIBILITIES:
This is a HANDS-ON Role
The System Security Engineer will report to the Office of Information Assurance and operate as an experienced consultant and may have opportunities to work with SCDHHS leadership, business units, business partners and vendors.
Technical Knowledge:
HANDS-ON experience with any or all of the following technologies would be considered a desirable for this position:
System/Infrastructure Administration
Log management
Log Correlation Rules Creation/Modification
Hypervisor Host Management
Secure System Design – Infrastructure hardening and Secure application and Database (SQL, Oracle, NoSQL, etc.)
security, development, deployment and management
System and application security continuous monitoring expertise utilizing tools such as Nessus, Saint, Qualys, etc.
Security Information and Event Management (SIEM) solutions such QRadar, Splunk Enterprise Security, Security
Onion, etc.
Linux and Windows servers
Identity and Access Management (IAM)
Cloud security and integration
Threat Intelligence Integration
Security Program Experience:
Experience with CMS MARS-E or other FISMA Risk Management Framework (RMF) compliant programs is not required but may be considered desirable in the event that strong parity in technical skills is identified in multiple candidates.
Experience with development and integration of Security tasks and artifacts into the System/Software Development Life Cycle (SDLC) is ideal.
Experience in security as related to multi-tenant, cloud services and vendor interface management would be desirable for this position.