Cybersecurity Analyst
United States
Full Time
2 weeks ago
$68,000 - $92,000 USD
Visa Sponsor
Key skills
AWSAzureCloudCyber SecurityDockerKubernetesLinuxTCP/IPSSORisk ManagementFirewall
About this role
Role Overview
- Conduct security assessments and support Authorization to Operate (ATO) activities under the NIST Risk Management Framework (RMF)
- Analyze security scan results (e.g., ACAS, Nessus, container scans) and track remediation efforts to closure
- Perform continuous monitoring activities and maintain security documentation to support compliance with NIST 800-53 controls
- Review and validate secure configurations across Windows, Linux, cloud, container, and network environments
- Support the assessment of medical device integrations and EHR system interfaces to identify cybersecurity risks
- Evaluate and document Ports, Protocols, and Services (PPS) requirements and maintain the PPSM Master List for EHR-related systems
- Review firewall rules, boundary protections, IDS/IPS configurations, and secure network architecture diagrams
- Assist in reviewing and validating DISA Security Technical Implementation Guides (STIGs) compliance
- Assess authentication and access control implementations including MFA, SSO, RBAC, and privileged access management
- Review Interface Control Documents (ICDs) and Interconnection Security Agreements (ISAs) to ensure cybersecurity requirements are met prior to submission
- Support incident response efforts by analyzing logs, alerts, and security events impacting the EHR environment
- Develop and maintain security documentation including Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, and change requests
- Provide cybersecurity recommendations to engineering and architecture teams to mitigate risk across cloud and on-prem environments
- Assist in ensuring HIPAA and federal data privacy safeguards are implemented to protect patient information.
Requirements
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field
- 3+ years of experience in cybersecurity analysis, assessment, or compliance roles in healthcare, government, or regulated IT environments
- Experience with Cherokee Native American Culture and Indian Health personnel required
- Strong knowledge of NIST 800-53 and the Risk Management Framework (RMF), including security control assessments and POA&M management
- Experience conducting vulnerability assessments and analyzing scan results
- Knowledge of networking concepts including TCP/IP, ports, protocols, encryption standards (SSL/TLS), and secure network architecture principles
- Understanding of authentication methods such as MFA, SSO, and identity federation
- Experience with cloud environments (e.g., AWS, Azure, OCI) and applying security best practices to cloud-hosted services
- Experience securing Windows and Linux operating systems
- Familiarity with container technologies (Docker, Kubernetes) and associated security controls
- Understanding of healthcare data privacy regulations (HIPAA) and federal information security standards (FISMA)
- Experience with DISA STIG validation and remediation
- Ability to develop and maintain PPS documentation and security artifacts
- Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Visio)
- Must be able to obtain a Public Trust Level 5 clearance
- Ability to travel up to 25% of the year, if needed.
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Docker
- Kubernetes
- Linux
- TCP/IP
Benefits
- 401K with company match
- Comprehensive health and wellness packages
- Full-flex work week to own your priorities at work and at home
- Professional growth opportunities including paid education and certifications
- Cutting-edge technology you can learn from
- Paid vacation and holidays
- GDIT Paid Family Leave