Job Closed
This listing is no longer active.
An engineering firm that delivers high-quality Healthcare IT, Cybersecurity, and Telecommunication solutions.
Information Security Officer
Location
United States
Posted
168 days ago
Salary
$112.8K - $140K / year
Seniority
Lead
Job Description
Information Security Officer
eSimplicity
• Work closely with the Product Owners, ISSOs, engineering and infrastructure staff to provide guidance on implementation if security policies, standards, and procedures • Analyze new or updated security requirements, collaborate with stakeholders, and develop responses that are clear and accurate • Support the review and update of ATO artifacts such as System Security Plans, Information System Contingency Plans, Configuration and Change Management Plans, Incident Response Plans, Privacy Impact Analysis, and more. • Interpret security risk assessment, review security scan results, assess security vulnerabilities and support the development and remediation of vulnerability and compliance issues via Plan of Action and Milestones (POA&Ms) • Support the development of implementation and design documentation relating to security feature implementation • Work with engineering and infrastructure personnel to document remediation for vulnerabilities and non-compliance issues • Analyze and interpret agency security requirements and provide governance communication to non-security personnel • Collaborate with product teams, ISSOs and other stakeholders in support of continuous monitoring and ATO efforts • Conducts vulnerability assessments and monitors systems, networks, databases and Web-based assets for potential system breaches. • Recommends and takes the lead on implementing changes to enhance security systems, prevent unauthorized access, and help mitigate security vulnerabilities. • Responds to alerts from information security tools. • Reports, investigates, and resolves higher level security incidents. • Responds to security tool outages, degradations in service, tune security rules and alerts, and setup/maintain security tool dashboards and reporting. • Research security trends, new methods, and techniques used in unauthorized access of data to preemptively eliminate the possibility of system breach. • Ensures compliance with regulations and privacy laws. • Conducts research to identify new attack vectors. • Educates and communicates security requirements and procedures to all users and new employees. • Recommend process improvements to the information system for risk mitigation. • Applies iterative security automation to all program aspects increasing overall security posture iteratively and never accepts the status quo. • Provide audit log review in Splunk, present any findings to ISSO, and plan for any investigation or remediation activities. • Periodic user and privileged access reviews.
Job Requirements
- Minimum of 8+ years of progressive experience in information security, cybersecurity engineering, or system security roles, with demonstrated technical depth and increasing responsibility.
- A bachelor's degree in computer science, Information Systems, Engineering, Business, or other related scientific or technical discipline.
- Significant hands-on experience supporting large Federal Government security programs, including operation within FISMA-regulated environments and direct alignment with CMS ARS 5.0+ requirements.
- Proven experience owning and maintaining an Authorization to Operate (ATO), including authoring, updating, and defending security artifacts such as System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), Incident Response Plans, Configuration Management Plans, Privacy Impact Assessments, contingency plans, and related documentation.
- Strong practical knowledge of NIST Risk Management Framework (RMF) and NIST 800-53 Rev. 5, with the ability to translate control requirements into actionable technical and operational security implementations.
- Demonstrated hands-on experience managing vulnerability and compliance scanning programs, including configuration, operation, interpretation of results, and remediation tracking using tools such as Tenable, AWS Security Hub, and Snyk.
- Ability to assess security findings, determine risk severity, prioritize remediation, and drive closure in close collaboration with engineering, infrastructure, and DevSecOps teams.
- Strong hands-on experience securing cloud-based environments, with a focus on AWS (IAM, GuardDuty, CloudTrail, Security Hub) and SaaS platforms.
- Demonstrated ability to embed security into DevSecOps and CI/CD pipelines, including defining security decision gates and integrating automated security testing and continuous monitoring.
- Experience performing Security Impact Analyses (SIAs), access reviews, and least-privilege enforcement across cloud, application, and CI/CD environments.
- Proven ability to configure, operate, and tune security tools, respond to alerts, and maintain dashboards and reporting for visibility into vulnerability, compliance, and overall security posture.
- Experience operating within Agile / SAFe delivery models, participating in sprint planning, PI planning, backlog refinement, and cross-team coordination to ensure security is embedded in delivery.
- Strong written and verbal communication skills, with the ability to clearly articulate security risks, requirements, and remediation strategies to technical teams, leadership, and government stakeholders.
- Ability to work independently and as part of a cross-functional team, managing multiple priorities in a fast-paced, highly regulated environment.
- Ability to obtain and maintain a Public Trust clearance and have resided in the United States for at least 3 of the last 5 years.
Benefits
- Highly competitive salary
- Full healthcare benefits
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Information Security Engineer – IAM Lead
Model NModel N is a software development company that provides high-tech and life sciences leaders with cloud revenue management solutions. As an employer, the company believes that its �
• Define the IAM roadmap and ensure alignment with security, compliance, and business needs. • Design and maintain enterprise IAM architectures for workforce, partners, and customers. • Lead initiatives related to authentication, authorization, identity governance, and privileged access. • Contribute to enterprise security architecture standards beyond IAM, with identity as a foundational control. • Set standards for identity lifecycle management, directory services, federation, and access controls. • Drive implementation of modern IAM capabilities such as SSO, MFA, password less authentication, SCIM, role-based access, and just-in-time access. • Oversee integration of cloud and on-prem applications using SAML, OIDC, and OAuth. • Evaluate tools, guide vendor selection, and manage technical relationships. • Develop reusable patterns, reference architectures, and security guidance for development teams. • Partner with engineering to embed IAM and security controls into CI/CD pipelines and cloud platforms. • Design and govern enterprise identity architecture across AWS, Okta, Entra ID, Active Directory, and hybrid environments. • Enforce least-privilege access using federation, roles, conditional access, and zero trust principles. • Architect secure access for cloud workloads, eliminating long-lived credentials and unmanaged identities. • Secure non-human identities, service accounts, APIs, and automation using scoped roles, ownership models, and rotation policies. • Design and operate centralized secrets and key management solutions using KMS, Vault, and PAM platforms. • Centralize identity logging, monitoring, and response for authentication and authorization events. • Support security operations by improving access-focused detection, alerting, and incident response workflows. • Establish access policies, role models, and attestation processes. • Ensure IAM and access controls meet regulatory, audit, and internal security expectations. • Provide oversight for provisioning, deprovisioning, and access escalation processes. • Guide monitoring and tuning of identity and security services to meet availability and performance targets. • Mentor IAM and security engineers and influence cross-functional teams. • Work closely with security, infrastructure, application owners, risk, and compliance partners. • Communicate technical and security concepts clearly to both technical and non-technical audiences. • Support incident response activities when identity or access systems are involved.
Senior Security Engineer, Detection and Response
1PasswordProductive businesses use 1Password to secure employees at scale.
• Design, build, and continuously improve threat detections across 1Password’s infrastructure • Lead and support security incident response activities • Apply threat intelligence and knowledge of attacker TTPs • Collaborate with Security, Infrastructure, and IT teams • Use automation, scripting, and Detection-as-Code practices • Own end-to-end security projects aligned with Detection & Response initiatives • Participate in a shared on-call rotation and support high-severity incidents • Contribute to operational maturity through playbooks, mentoring, tabletop exercises, and audits
• Gestión documental, elaboración de presupuestos, seguimiento de clientes y soporte técnico en proyectos de seguridad electrónica. • Documentación y Reportes: elaboración de presupuestos en Excel y maquetación en Word y PDF. • Búsqueda de materiales en páginas de proveedores. • Realización de informes de mantenimientos preventivos y supervisión de documentación recibida. • Proyectos y Soporte Técnico: desarrollo de proyectos en AutoCAD. • Realización de presentaciones en PowerPoint. • Control de documentación técnica de instalaciones. • Atención y Seguimiento a Clientes: presentación de presupuestos y acompañamiento del proceso.
• Define, maintain, and continuously improve rules, procedures, and processes in the ISMS considering internal and external requirements • Take over Lifecycle Management of Cybersecurity Rule Landscape • Manage and evolve the regulatory landscape as an efficient and effective regulatory system for cybersecurity • Implement and execute rule adherence measurement processes • Execute Cybersecurity Assessments • Exercise policy authority on the topic of cybersecurity • Assess and process security exceptions • Work with various data sources and to identify cyber risks within the organization • Conduct cyber risk assessments and prioritize risks based on their potential impact on the organization • Further develop the IT Service framework for cyber risk management • Actively track cyber risks, including evaluation of mitigation effectiveness • Support the management of ContiTechs external security posture • This role serves as the primary point of contact for rule interpretation and management / risk controls.
