Listing Description
eSimplicity is modern digital services company that delivers innovative federal and commercial IT solutions designed to improve the health and lives of millions of Americans while defending our national interests. Our solutions and services improve healthcare for 100+ million Americans, protect our borders, and defend our country by supporting and innovating with the Air Force, Space Force, and Navy. Our team of 200+ engineers, designers and strategists relentlessly challenge the status quos, build consensus and collaborate to deliver new solutions with an unwavering focus on the user experience from start to finish.
eSimplicity is seeking a Director of Information Security who is responsible for taking the lead on implementing security tools, security tool usage, ensuring tools remain compliant and configured properly, setting program policy all the while ensuring a successful program ATO. The DISprovides oversight and is the subject matter expert to lower-level Security personnel. The DISis responsible for monitoring, evaluating, and maintainingcloud systems and procedures to safeguard client/internal information systems, networks, databases, and Web-based assets
Responsibilities: May lead or conduct vulnerability assessments and monitor systems, networks, databases and Web-based assets for potential system breaches. Recommends and takes the lead on implementing changes to enhance security systems and prevent unauthorized access. Responds to alerts from information security tools. Reports, investigates, and resolves higher level security incidents. Responds to security tool outages, degradations in service, tune security rules and alerts, and setup/maintain security tool dashboards and reporting. Research and strategize security trends, new methods, and techniques used in unauthorized access of data to preemptively eliminate system breach. Ensures compliance with security policies, regulations and privacy laws. Educates and communicates security requirements and procedures to all users and new employees. Strategically guides program security/cyber strategy for a continuous security practice and designs all security and privacy policies across corporate and client programs. Develop, prepare (and engages with other Security SME’s) a continuous security training curricula used across the program to encourage a security mindset and role-based security training curriculaacross the team. Applies iterative security automation to all program aspects increasing overall security posture iteratively and never accepts the status quo. Responsible for program Security and Privacy strategies across all teams. Ensures a consistent approach and management across the program. Leads our Corporate and Client facing security staff and security best practices. Leads security practices with a vision be it for business development, client facing, or corporate needs. As a security leader,you will mentor, coach, and establish Security and Privacy best practices used across all delivery programs. As a security leader,you will participate in business development activities, technical challenges and contribute to technical business development responses.
Required Qualifications: A bachelor's degree in computer science, Information Systems, Engineering, Business, or other related scientific or technical discipline. With ten years of general information technology experience and at least four years of specialized experience, a degree is not required. Expert in setting program level security strategy (Privacy and Security Policies) Technical conceptual knowledge of cloud architectures/services (AWS, Microsoft & Google), Datacentric systems, Application Engineering,DataOps,DevSecOpsandMLOps Understands continuous automated security practices applied to a variety of technical contexts Expert in designing security “baked-in” to any architecture: Cloud and IaC, Applications, Web application, Data Processing, Data Centric Applications, AI/ML, CICD Pipelines; seeks automation driven designs. Experience with Agile methodologies Experience with Atlassian Jira/Confluence Experience with Security Information and Event Management (SIEM) systems. Demonstrated work experience and conceptual expertise with the following: computer networking, cryptography, security engineering and architecture patterns, vulnerability assessments, or operating systems required. Broad experience using cloud services, Linux systems, and Development/Data engineering core tools GitHub, GitHub Actions, Security Tools, etc. Demonstrated working knowledge of vulnerability assessment and penetration testing tools. Understands how to assess vulnerabilities and provide recommendations regardless of first-hand knowledge of the application or system. Proven ability to work effectively both independently and/or in a team setting. Ability to communicate technical information to a non-technical audience. Must possess strong analytical and problem-solving abilities; and strong critical-thinking skills in complex communication environments. Strong attention to detail. Required to manage/follow-through of multiple independent tasks, dependencies across intra/inter-project teams Excellent organizational and time-management skills in a fast-paced environment. Excellent customer service skills with the ability to deal tactfully, confidently, and ethically with both internal and external customers. Expert in Government Agency Security Assessment Process in support of maintaining and/or establishing an ATO and the appropriate boundary. Experience with Centers for Medicare and Medicaid Services security practices or industry certification such as the CISSP, CEH, GIAC, etc. A driven security/privacy policy and engineering SME with an interest in driving their own career and corporate strategy through the business development engagement process. A passionate security and privacy leader that brings this passion to mentor other Security SMEs and promotes a security mindset across all engineering roles through continuous training engagements on/off the programs. Proven experience establishing a multi-program strategy for security and best practices (policy, process and technology). Excellent command of written and spoken English. Ability to obtain and maintain a Public Trust; residing in the United States
Desired Qualifications: Experience working in the healthcare industry or Government Agency: CMS, DoD, DISA, CDC, HHS (any of those are preferred) Federal Government contracting work experience Highly preferred industry certification such as the CISSP, CEH, GIAC, etc. eSimplicity supports a remote work environment operating within the Eastern time zone so we can work with and respond to our government clients. Expected hours are 9:00 AM to 5:00 PM Eastern unless otherwise directed by your manager.
Occasional travel for training and project meetings. It is estimated to be less than 5% per year.
Benefits:
We offer highly competitive salary, full healthcare benefits and a flexible leave policy.
Equal Employment Opportunity:
eSimplicity is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, age, status as a protected veteran, sexual orientation, gender identity, or status as a qualified individual with a disability.
Listing Details
-
Citizenship:
Not Provided
-
Incentives:
Not Provided
-
Education:
Not Provided
-
Travel:
Not Provided
-
Telework:
Not Provided