- NIST Standards
- System Architecture
- DoD 8570
Aptive Resources is seeking an Enterprise Security Architect to support a Department of Veterans Affairs (VA) client.
The candidate must pass a National Agency Check (NAC) covering the past 5 years to obtain a VA Tier 4 'High Risk' BI Public Trust clearance, as well as be able to obtain or currently possess a DoD Secret clearance.
Requires U.S. Citizenship. This is a remote position that can be performed anywhere in the U.S.
The chosen candidate will be part of a team providing Enterprise Security Architecture (ESA) technical support services that accommodate VA's scope, size and complexity, including enterprise architecture, emerging technologies, networks and mobile, in specialized areas like healthcare, specialized medical devices, cybersecurity, IT Modernization and large scale architecture.
We are seeking specialized technical and security expertise in new technologies that VA is introducing, including the merging of Electronic Health Records (EHR), cloud computing, Application Programming Interfaces (APIs), specialized networks (i.e., software-defined networks and security perimeters), Internet of Things (IoT), analytic ecosystems and medical devices. The candidate should have demonstrated expertise in IT, communications, systems architecture, engineering and integration, along with the ability to apply this expertise across a broad portfolio of IT systems, software and infrastructure solutions.
The Enterprise Security Architect, Intermediate, shall possess IT experience in all aspects of cybersecurity across a vast array of IT systems, from end-user devices to enterprise-level networks, and shall possess experience with cybersecurity tools, network topologies, intrusion detection, PKI and secured networks. The Enterprise Security Architect, Intermediate, shall assist in resolving issues and creating the architectural vision, coordinating with program and project leaders to analyze IT system and network architecture and clearly identify strategies for addressing requirements, risks and issues. The Enterprise Security Architect, Intermediate, shall participate in trade-off analyses of requirements against fiscal, schedule and performance issues.
Support development, implementation, testing and review of hardware/software information security requirements (IAW DoD/NIST RMF) to protect information and prevent unauthorized access. Assist the project team on security measures, explain potential threats, implement security measures and monitor applications to meet or exceed all DoD/NIST RMF requirements, resulting in faster and more accurate software releases. Support information system security engineering from establishing stakeholder security requirements, design, implementation and validation to sustainment. Support planning and coordination of test plans, remediation and mitigation strategies. Assist in planning and strategies for incident management, cybersecurity vulnerability assessment, continuous monitoring, configuration management, change management, risk assessments, system impact assessments, identity and access management (IAM).
Support hardening of operating systems, applications and network infrastructure using Department of Defense Security Requirement Guides (SRGs), Security Technical Implementation Guides (STIGs), Defense Security Service Office of the Designated Approving Authority (DSS ODAA) Baseline Technical Security Configurations and Information Assurance Vulnerability Alerts (IAVAs). May use or manage automated security assessment tools as well as manual checklists to validate compliance with regulatory frameworks or mandates such as FISMA, HIPAA, the Privacy Act, the E-Government Act, PCI-DSS, etc. Be familiar with application vulnerability scans using tools such as HP Fortify, working with software engineers to analyze the resulting reports, and with vulnerability scans of operating systems and network infrastructure using Nessus and/or ACAS.
Provide security assessment and authorization expertise and guidance to the VA systems security team, especially approaches for acceptance of DoD authorization packages and system security plans through the VA Assessment and Authorization (A&A) Standard Operating Procedure and VA regulations, including VA Handbook 6500 Authorization to Operate under Reciprocity (ATOR) and Authority to Connect (ATC) certifications. Review existing system-specific Security Assessment Plans (SAP), Risk Assessment Reports (RAR), Plans of Action and Milestones (POA&M), System Security Plans (SSP), Application Security and Development Checklists and other artifacts supporting DoD and VA software and system assessment and authorization. Work with both VA and DoD authorities to either convert DoD eMASS artifacts, reports and processes to accommodate the VA Governance, Risk and Compliance (GRC) tool, RiskVision, or alternatively, lead VA adoption of eMASS for the VA Electronic Health Records system.
Support the creation of white papers, proposals and briefings, demonstrating thought leadership and supporting various marketing and business development efforts through customer interaction.
Work with self-signed certificates, DoD PKI and VA PIV.
Conduct Privacy Threshold Analyses and Privacy Impact Assessments.
Bachelor's Degree and 10+ years of overall experience in cybersecurity and privacy risk management with Federal Information Technology systems and security requirements. 15 years of additional relevant experience may be substituted for education.
Solid understanding of DoD 8510, NIST SP 800-53, NIST SP 800-37, the Risk Management Framework and CNSSI 1253. Familiarity with VA Handbook 6500.
Prior VA experience with cybersecurity policy, guidance and architectures.
The individual must have significant experience with cybersecurity best practices. Experience reviewing and writing policies and security plans utilizing NIST 800-series framework.
Meet DoD 8570.01-M and IT Level II.
Ability to obtain VA Moderate BI or DoD Secret or higher clearance.
Advanced Technical, IT Security Certifications (Security+, Network+, CEH, CISSP, or equivalent) strongly preferred.
Exposure to federal healthcare applications, platforms, standards and experience with federal healthcare systems is preferred.
Meet DoD 8570.01-M and IT Level III or IAM-III.
Experience with the enterprise Mission Assurance Support Service (eMASS) or RiskVision.
Background or certifications in healthcare IT or privacy risk management (CIPP/US or CIPP/G).
Equal Opportunity Employer (EEO):
Aptive is an equal opportunity employer. We will consider all qualified applicants for employment without regard to race, color, religion, sex, national origin, disability, protected veteran or any other characteristic protected by law.
Veterans and members of the Reserve and National Guard are highly encouraged to apply.