Lead Security Engineer

Summary

Join our team as a Lead Security Engineer and contribute to a 12+ month remote project based in Washington, DC. You will be responsible for identifying and mitigating security vulnerabilities, designing and implementing security solutions, and responding to security incidents across on-premises and cloud resources. This role requires extensive experience in cybersecurity, including network security, application security, and compliance with federal regulations. You will collaborate with IT teams, develop security policies, and provide security awareness training. The ideal candidate possesses strong leadership, communication, and problem-solving skills. This position offers the opportunity to make a significant impact on the organization's security posture.

Requirements

• Minimum of 15 years of experience working in the field of cybersecurity
• Knowledge of federal and industry-specific regulations and compliance requirements related to cybersecurity (e.g., FISMA, HIPAA, GDPR)
• Experience in preparing for and participating in security audits and assessments
• Expertise in network security, including firewalls, intrusion detection/prevention systems, and VPNs
• Proven experience with security assessment tools and methodologies
• Proficiency in security technologies such as SIEM (Security Information and Event Management) systems and endpoint protection solutions
• Experience with security monitoring tools, log analysis, and incident response procedures in Azure environments
• Strong leadership skills with the ability to motivate and manage a team effectively
• Excellent communication and interpersonal skills to work collaboratively with diverse teams and stakeholders
• Demonstrated ability to develop and implement security policies, procedures, and standards
• Experience in incident response, including conducting investigations and managing security incidents
• Strong understanding of cloud security principles and best practices
• Strong knowledge of network security, encryption, authentication methods, and security protocols
• Excellent problem-solving skills and attention to detail
• Strong communication skills and ability to work collaboratively with cross-functional teams
• Bachelor’s degree in IT or related field or equivalent experience; or a current Project Management Professional (PMP) Certification
• MS Office/PowerPoint experience
• Knowledge and exp in state and federal information security laws, including but not limited to HIPAA, including NIST, PCI and all other regulations
• Proven expertise in presenting executive level reports on project security and compliance
• Proven track record in the successful completion of an SDLC from a security workstream standpoint
• Expertise translating security protocols and requirements to stakeholders and/or technical project managers
• Knowledge of project management tools - JIRA, SharePoint, Sciforma, Salesforce, MS Project (preferably)
• Proven documentation expertise for the purpose of security policy development, audit finding responses, security risks/gap analysis reports etc
• Proven experience functioning as the prim POC for IT security audits
• Knowledge of HIPAA, state and federal guidelines on security, transactions and security
• Experience working in IT Security for the Health and Human Services sector
• Experience managing a team of IT professionals specializing in IT Security
• Excellent communication and leadership skills
• Expert knowledge of the MS Office Suite
• Proven knowledge and expertise with health care relevant legislation and standards for the protection of health information and patient security
• Professional Experience that Meets the requirements for a Master Level Business Systems Analyst

Responsibilities

• Conduct security assessments and audits to identify vulnerabilities and provide recommendations for remediation of client assets
• Design, implement, and manage security infrastructure and tools, including firewalls, intrusion detection systems, vulnerability management systems, antivirus systems
• Collaborate with IT teams to ensure security best practices are integrated into IT projects and operations for divisions providing services internally and externally
• Develop and maintain security policies, procedures, and standards
• Monitor security systems and respond to security incidents in a timely manner
• Provide security awareness training to employees and stakeholders
• Stay up to date with the latest security trends, threats, and technologies
• Formulates and defines systems scope and objectives based on both user needs and a thorough understanding of business systems and industry requirements
• Devises or modifies procedures to solve complex problems considering computer equipment capacity and limitations, operation time, and form of desired results. Includes analysis of business and user needs, documentation of requirements, and translation into proper system requirements specifications
• Provides consultation on complex projects and is considered to be the top-level contributor/specialist of most phases of systems analysis, while considering the business implications of the application of technology to the current and future business environment
• Complete Remediation of all findings from audit reports and communicate with the federal agencies that conduct audit

Preferred Qualifications

• Healthcare Privacy and Security (CHPS) certification and/or other healthcare industry related security credentials
• CISSP Certification
• Knowledge and/or understanding of Curam - V6 or higher
• ITIL Certification