Security Lead
Commence · Baltimore, MD · 2 wk ago
ManagementFull-time
Key Responsibilities
- Lead the program's cybersecurity strategy and ensure compliance with CMS ARS, FISMA, HIPAA/HITECH, NIST 800-53, and FedRAMP requirements
- Develop and maintain security plans, policies, and procedures aligned to federal standards
- Support Authority to Operate (ATO) activities and coordinate with government security officials and compliance auditors
- Manage Plan of Action and Milestones (POA&M) activities and maintain the program risk register
- Review and approve AWS cloud architecture designs, ensuring secure implementation of cloud-native services and security controls
- Enforce IAM policies, MFA, encryption at rest and in transit, network segmentation, and Zero Trust principles
- Embed security controls into CI/CD pipelines and validate cloud configurations against security baselines
- Implement automated scanning for source code, containers, Kubernetes workloads, Infrastructure as Code (IaC), and open-source dependencies
- Conduct security risk assessments and threat modeling; identify vulnerabilities and develop mitigation strategies
- Evaluate third-party and integration partner security risks
- Define data classification, handling, retention, and destruction requirements to protect PII and PHI
- Review interoperability and data-sharing solutions for HIPAA privacy compliance
- Develop and maintain incident response procedures and support SIEM-based monitoring and alerting strategies
- Coordinate response activities for security incidents and vulnerabilities
- Participate in Architecture Review Boards (ARBs) and review application, integration, data, and infrastructure designs for security gaps
- Ensure secure API and interoperability implementations across all integrated systems
Qualifications
- Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field (Master's preferred)
- 10+ years of cybersecurity experience, including 5+ years supporting federal government programs
- 5+ years securing cloud-based solutions, preferably AWS
- Experience supporting healthcare or CMS-related systems
- Experience with ATO processes and federal compliance frameworks
- Experience leading security teams in Agile and DevSecOps environments
Preferred Qualifications
- CISSP – Certified Information Systems Security Professional
- CCSP – Certified Cloud Security Professional
- AWS Certified Security – Specialty
- Certified Information Security Manager (CISM)
- Certified Ethical Hacker (CEH)
- GIAC Security Certifications