• This position is responsible for working with RBCI's team supporting our DoD customer to ensure the appropriate administrative, physical and technical information security safeguards are implemented across a portfolio of deployed military medical devices.

• Under general guidance of the Team Lead and the client, the incumbent will conduct information security assessments and testing to ensure the proper implementation of security controls across the environment. This includes populating defined security/risk assessments, identifying gaps and compensating controls, identifying remediation plans, and publishing management reports of results. This position may also participate in incident response investigations, help identify opportunities for product improvement, maintain policies and procedures that are designed to be operationally effective and efficient, and monitor compliance to policies, laws and regulations. The security specialist works with the DoD client to select and deploy technical controls to meet specific security requirements and defines processes and standards to ensure that security configurations are maintained.

• Conduct evaluations of technical and non-technical security safeguards to demonstrate and document compliance with the DoD's Risk Management Framework (RMF) requirements for security and interoperability.

• Perform information security risk assessments as part of the project lifecycle to ensure that new medical device technology conforms to security standards against internal and external threats.

• Perform Independent verification and validation (IV&V) testing, to include documentation of Plan of Action and Milestones (POAM) data within the DoD system.

• Perform risk assessments of information and technology systems by conducting accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of information and technology systems.

• Work with security leadership and stakeholders to identify remediation strategies and plans to enforce security requirements and address risks identified in the risk assessment process.

• Along with the Security Architect, advise during application development or acquisition projects to ensure that security controls are implemented as planned.

• Work with other security department members and stakeholders in scoping, planning and conducting third-party penetration testing, code reviews, or security assessments during the information security process.

• Perform risk assessments of third-party technology systems by conducting accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of DoD information and technology systems.

• Produce information security risk assessment reports that identify gaps with DoD Security Policies & Standards and propose remediation plans.

• Assist in conducting information system activity reviews and participate in Risk Management Framework (RMF) testing exercises and activities: Monitor and test application and network activity for assurance that systems of controls are in place and effective, and for compliance to DoD policies and federal regulations.

Required Qualifications

• Bachelor's degree in a related discipline or a minimum of four (4) years of experience

• Must be a U.S. citizen with a current Public Trust Clearance; Desired: Secret Clearance

• Working knowledge internal controls & IT Risk Assessment and Mitigation procedures

• Technical experience in security-related technologies such as encryption, remote access, anti-virus systems, etc.

• A basic knowledge of the 8 domains of the Common Body of Knowledge for information security:

• Security & Risk Management
• Asset Security
• Security Engineering
• Communications and Network Security
• Identity and Access Management
• Security Assessment and Testing
• Security Operations
• Software Development Security

Preferred Qualifications

• Desired: Experience with medical devices or a working knowledge of security frameworks such as HIPAA, HITRUST, NIST, ISO or other industry standards that are relevant to the DoD medical enterprise

Physical Demands and Work Environment

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodation may be made to enable individuals with disabilities to perform the functions. While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand, walk; sit; and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is typically low to moderate.

Notes

This job description in no way states or implies that these are the only duties to be performed by the employee(s) incumbent in this position. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments. All duties and responsibilities are essential functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the incumbents will possess the skills, aptitudes, and abilities to perform each duty proficiently. Some requirements may exclude individuals who pose a direct threat or significant risk to the health or safety of themselves or others. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.

RBCI is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender, identity, national origin, disability, or veteran status.