Title: Cybersecurity Analyst Job Description: Job ID Number RQ220334 Category Information Technology Employment Type Full Time Business Unit GDIT Location: Any Location / Remote Full Part/Time: Full time Job Req: RQ220334 Type of Requisition: Regular Clearance Level Must Currently Possess: None Clearance Level Must Be Able to Obtain: None Public Trust/Other Required: SSBI (T5) Job Family: Cyber and IT Risk Management Job Qualifications: Skills: Indigenous Culture, Information Technology (IT), Security Controls, Security Practices Certifications: None Experience: 1 + years of related experience US Citizenship Required: No Job Description: GDIT is seeking aCybersecurity Analystto support the Indian Health Service PATH EHR system. This role will help deploy, assess, and secure a government-owned Electronic Healthcare Record (EHR) system within a cloud environment. The system must be deployed with a secure baseline, ensuring system integrity, confidentiality, and availability while maintaining compliance with healthcare and federal cybersecurity regulations and addressing vulnerabilities across interconnected medical and enterprise systems. GDIT has been supporting the IHS mission for 20+ years; working with the agency to provide integral services to raise health access and availability to 2.6 million American Indians and Alaska Natives. You'll be part of modernizing the EHR platform to enable better data access, patient experience, and quality of care for 567 tribes, 37 states, and over 600 medical facilities. Our work depends on a Cybersecurity Analyst joining our team to support the Indian Health Service (IHS) Electronic Health Records Modernization (EHRM) program. As a Cybersecurity Analyst supporting the IHS EHRM program, you will be responsible for performing security assessments, analyzing system configurations, identifying vulnerabilities, and ensuring compliance with federal cybersecurity requirements throughout the EHR implementation lifecycle. This position is fully remote! This role requires you to obtain and maintain an in-depth Public Trust Level 5. This investigation will review personal and criminal behavior, financial conduct, foreign influence, as well as other adjudications. HOW A CYBERSECURITY ANALYST WILL MAKE AN IMPACT: Conduct security assessments and support Authorization to Operate (ATO) activities under the NIST Risk Management Framework (RMF). Analyze security scan results (e.g., ACAS, Nessus, container scans) and track remediation efforts to closure. Perform continuous monitoring activities and maintain security documentation to support compliance with NIST 800-53 controls. Review and validate secure configurations across Windows, Linux, cloud, container, and network environments. Support the assessment of medical device integrations and EHR system interfaces to identify cybersecurity risks. Evaluate and document Ports, Protocols, and Services (PPS) requirements and maintain the PPSM Master List for EHR-related systems. Review firewall rules, boundary protections, IDS/IPS configurations, and secure network architecture diagrams. Assist in reviewing and validating DISA Security Technical Implementation Guides (STIGs) compliance. Assess authentication and access control implementations including MFA, SSO, RBAC, and privileged access management. Review Interface Control Documents (ICDs) and Interconnection Security Agreements (ISAs) to ensure cybersecurity requirements are met prior to submission. Support incident response efforts by analyzing logs, alerts, and security events impacting the EHR environment. Develop and maintain security documentation including Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, and change requests. Provide cybersecurity recommendations to engineering and architecture teams to mitigate risk across cloud and on-prem environments. Assist in ensuring HIPAA and federal data privacy safeguards are implemented to protect patient information. REQUIRED QUALIFICATIONS AND EXPERIENCE: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. 3+ years of experience in cybersecurity analysis, assessment, or compliance roles in healthcare, government, or regulated IT environments. Experience with Cherokee Native American Culture and Indian Health personnel required Strong knowledge of NIST 800-53 and the Risk Management Framework (RMF), including security control assessments and POA&M management. Experience conducting vulnerability assessments and analyzing scan results. Knowledge of networking concepts including TCP/IP, ports, protocols, encryption standards (SSL/TLS), and secure network architecture principles. Understanding of authentication methods such as MFA, SSO, and identity federation. Experience with cloud environments (e.g., AWS, Azure, OCI) and applying security best practices to cloud-hosted services. Experience securing Windows and Linux operating systems. Familiarity with container technologies (Docker, Kubernetes) and associated security controls. Understanding of healthcare data privacy regulations (HIPAA) and federal information security standards (FISMA). Experience with DISA STIG validation and remediation. Ability to develop and maintain PPS documentation and security artifacts. Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Visio). Must be able to obtain a Public Trust Level 5 clearance. Ability to travel up to 25% of the year, if needed. DESIRED QUALIFICATIONS AND EXPERIENCE: Masters degree strongly preferred. Security certifications such as CompTIA Security+ CE, CISSP (Associate or full), CISM, or equivalent. Experience supporting federal ATO processes and interacting with Authorizing Officials (AOs). Advanced knowledge of encryption technologies, key management systems, and secure data transmission methods. Experience with zero-trust architecture implementation in federal healthcare environments. Familiarity with scripting languages (PowerShell, Python) to automate security analysis and reporting. Experience reviewing and securing healthcare interoperability standards (HL7-MLLP, FHIR, HTTPS). Experience supporting large-scale federal EHR implementations or healthcare IT modernization programs. Strong analytical and documentation skills with experience producing high-quality cybersecurity artifacts. Excellent organizational and time management skills with the ability to manage competing priorities. Ability to communicate effectively with engineers, architects, government stakeholders, and medical system owners. Ability to work independently within structured federal compliance frameworks. Proficiency with Adobe Acrobat Professional. GDIT IS YOUR PLACE: Full-flex work week to own your priorities at work and at home. 401K with company match. Comprehensive health and wellness packages. Internal mobility team dedicated to helping you own your career. Professional growth opportunities including paid education and certifications. Cutting-edge technology you can learn from. Rest and recharge with paid vacation and holidays. #IHSJobs #GDITFedHealthJobs The likely salary range for this position is $68,000 - $92,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Scheduled Weekly Hours: 40 Travel Required: 10-25% Telecommuting Options: Remote Work Location: Any Location / Remote Additional Work Locations: Total Rewards at GDIT: Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. GDIT typically provides new employees with 15 days of paid leave per calendar year to be used for vacations, personal business, and illness and an additional 10 paid holidays per year. Paid leave and paid holidays are prorated based on the employee's date of hire. The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most. We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology. Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc. Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans PI284716247