Vacancy expired!
Title
Security Specialist (Computer Systems Specialist)LocationBaltimore, MD 21202Duration+ 1 year Description/Role The Client, an independent unit of state government, provides accessible, affordable health coverage to Marylanders. Client is responsible for the administration of Maryland Health Connection (MHC), the state’s health insurance marketplace. Through MHC, Maryland residents explore health insurance plans, compare rates, and determine their eligibility for advanced premium tax credits (APTC), cost sharing reductions (CSR) and public assistance programs such as Medicaid and the Maryland Children’s Health Insurance Program (MCHP). Client seeks one (1) Computer Systems Specialist (Security) to administer security systems for the client systems. Duties and Responsibilities:- Develop and implement cloud security controls, cloud-based processes and tools, and cloud security task automation.
- Perform security assessments, working closely with DevOps and Developer teams on identifying security and privacy issues in AWS or Azure and finding solutions to provide required functionality securely.
- Continuously monitor cloud security operations, responding to security issues and escalating as necessary.
- Conduct security impact analysis of controls on proposed system changes.
- Conduct cloud security assessments and Penetration testing.
- Perform Incident Response and Forensics evaluation using security information and event management (SIEM) tools.
- Ensure that the client system security requirements are addressed during all phases of the system development life cycle.
- Review and update systems security documentation and artifacts such as Systems Security Plan, Information Security Risk Assessment, Privacy Impact Assessment, Systems Security Report, Correction Action Plan, Plan of Action & Milestones (POA&M).
- Create and track POA&M requirements for resolving security findings.
- Administer cloud-based and physical firewalls.
- Adhere to all security, change control and client Project Management Office (PMO) policies, processes and methodologies.
- A minimum of six (6) years of experience in analyzing and defining security requirements for large and mission critical IT security requirements.
- A minimum of two (2) years performing day-to-day security operations functions including administration, troubleshooting, and resolution of various security components.
- A minimum of three (3) years of hands-on experience in performing cloud security functions.
- A minimum of three (3) years of experience in defining computer security requirements for high-level applications and evaluating approved security product capabilities.
- Demonstrated production experience using AWS or Azure supporting security operations.
- Experience in performing Security Incident Response and Forensics evaluation with SIEM tools.
- Working knowledge of AWS security features such as Security Groups, Network Access Control List, Firewall, WAF, Guard Duty, Macie, CloudTrail, CloudWatch, Control Tower etc.
- Experience with assessment and evaluation of information systems to recommend changes, mitigate threats, risks, and vulnerabilities
- A minimum of five (5) years of experience in providing Cloud Security.
- A minimum of five (5) years of experience in assisting organizations meet NIST SP 800-37, NIST 800-53, IRS Publication 1075, MARS-e 2.0 requirements.
- A minimum of five (5) years of experience with AWS security on S3, EC2, Security Groups, NACL, etc.
- A minimum of five (5) years of experience with conducting Incident Response testing to evaluate processes for detection, response, and reporting of security incidents
- A minimum of five (5) years of experience with Data Security practices on encryption, masking.
- A minimum of five (5) years of experience with assessment and evaluation of information systems to recommend changes, mitigate threats, risks, and vulnerabilities.
- A minimum of three (3) years of experience with Data Loss Prevention tools and technologies.
- Experience in configuring ASA and/or Fortinet firewalls.
- Possess one or more of the following security certifications: (i.e., CISSP, GIAC, CEH, Security+, Amazon Certified Security Specialty, Microsoft Certified: Azure Security Engineer).