Req ID: RQ207573
Type of Requisition: Regular
Clearance Level Must Be Able to Obtain: Interim Secret
Public Trust/Other Required: SSBI (T5)
Job Family: Cyber and IT Risk Management
Skills:
Cybersecurity, Data Encryption, Protocol Management, Security Protocols
Certifications:
CompTIA Security+ CE | CompTIA - CompTIA, CompTIA Server+ | CompTIA - CompTIA
Experience:
10+ years of related experience
Job Description:
GDIT is seeking a Cybersecurity Engineer to support the Indian Health Service PATH EHR system. This role will help deploy and secure a government-owned Electronic Healthcare Record (EHR) system within a cloud environment. The system needs to be deployed with a secure baseline, ensuring system integrity and compliance with healthcare and government regulations while addressing vulnerabilities in interconnected systems.
Our work depends on a Cybersecurity Engineer joining our team to support the Indian Health Service (IHS) Electronic Health Records Modernization (EHRM) program. As a Cybersecurity Engineer supporting the IHS EHRM program, you will be responsible for supporting the Cybersecurity team to ensure secure implementation of the EHR.
This position is fully remote!
This role requires you to obtain and maintain an in-depth Public Trust Level 5. This investigation will review personal and criminal behavior, financial conduct, foreign influence, as well as other adjudications.
HOW A CYBERSECURITY ENGINEER WILL MAKE AN IMPACT:
Work with engineering teams to ensure secure implementation of the EHR, with a focus on integration with medical devices and systems.
Support the implementation and maintenance of security controls across Windows, Linux, container environments, and network systems.
Assist with vulnerability assessments and security scans across systems, including medical devices interfacing with the EHR.
Collaborate with engineering teams to validate and enforce authentication protocols and access controls, including multi-factor authentication (MFA) and Single Sign-On (SSO).
Assist in the deployment and monitoring of required security tools and technologies across cloud and on-premises systems.
Review and trace authentication paths across multi-platform systems to ensure secure data flow, including the review of interconnections and security compliance between medical systems (HL7-MLLP, FHIR, HTTPS).
Review interface designs and ensure secure connections in compliance with government requirements, DISA Security Technical Implementation Guides (STIGs), and security best practices.
Review and document system changes for cybersecurity impacts, including any necessary Ports, Protocols, and Services (PPS) adjustments related to firewall rules.
Provide support for secure network configurations, including ports, protocols, firewall rule sets, and IDS/IPS configurations across the network.
Document security procedures and assist in training team members on best practices for securing EHR systems and associated IT environments.
Review interconnection service agreements to ensure all cybersecurity controls are addressed before submission to government authorities.
Review and ensure security parameters are embedded in ICDs (Interface Control Documents) for the EHR system.
Compile a PPSM (Ports, Protocols, and Services Management) Master List tied to the EHR to ensure all connectivity is secure and complies with regulations.
REQUIRED QUALIFICATIONS AND EXPERIENCE:
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
At least 10 years of experience in cybersecurity and engineering roles, specifically in healthcare, government, or related IT environments.
Intermediate knowledge of networking concepts, including ports, protocols, encryption standards (e.g., TCP/IP, SSL/TLS), and best practices for securing healthcare systems.
Understanding of system authentication methods, such as multi-factor authentication (MFA) and Single Sign-On (SSO).
Experience with cloud environments (e.g., AWS, Azure, OCI) and securing cloud-hosted services.
Experience with securing operating systems, including Windows and Linux, and their respective security configurations.
Basic knowledge of container technologies (e.g., Docker, Kubernetes) and their security implications in cloud and on-prem environments.
Ability to analyze interconnected systems and trace data flows for security risks, including medical devices communicating with EHRs.
Understanding of NIST 800-53 Risk Management Framework, including conducting security assessments and remediating vulnerabilities.
Familiarity with healthcare data privacy regulations (HIPAA) and implementing required safeguards to protect patient information.
Strong knowledge of DISA STIGs and best practices for securing government systems.
Ability to create and maintain PPSM Master Lists for large-scale systems like the EHR to ensure proper security configurations.
Experience with Interconnection Security Agreements (ISAs) and ensuring cybersecurity requirements are documented and met.
Proficient in Microsoft Office Suite, specifically Word, Excel, PowerPoint, and Visio.
Must be able to obtain a Public Trust Level 5 clearance.
Ability to travel up to 25% of the year, if needed.
DESIRED QUALIFICATIONS AND EXPERIENCE:
Security certifications such as CompTIA Security+ CE, CISSP (Associate), or equivalent.
Experience in government and healthcare IT environments with compliance requirements and risk management.
Advanced knowledge of encryption technologies, key management systems, and data protection.
Familiarity with scripting languages (e.g., PowerShell, Python) for automating security tasks and improving system security.
Strong skills in writing and reviewing security documentation, including the preparation of Security Assessment Reports (SARs) and change requests.
Knowledge of zero-trust architecture principles and their implementation in sensitive healthcare systems.
Experience with implementing and validating DISA STIGs for secure system configuration.
Experience with container security best practices and securing containerized applications in a cloud environment.
Understanding of interconnectivity between EHR systems and medical devices and the protocols used (HL7-MLLP, FHIR, HTTPS) to ensure secure communications.
Experience using tools like Microsoft Visio for designing architectural, network, and data flow diagrams to map out system interactions.
Proficiency with Adobe Acrobat Professional.
Excellent organizational and time management skills; ability to manage frequently changing priorities of competing importance.
Ability to communicate and interact effectively with internal/external teams including key stakeholders and customers.
Ability to work independently with minimal supervision and within tight deadlines, following detailed written policies, processes, procedures, and work instructions.
Ability to produce high-quality documentation that contributes to the overall success of our program.
The likely salary range for this position is $124,100 - $167,900. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. GDIT typically provides new employees with 15 days of paid leave per calendar year to be used for vacations, personal business, and illness and an additional 10 paid holidays per year. Paid leave and paid holidays are prorated based on the employee's date of hire. The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.
We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.
Join our Talent Community to stay up to date on our career opportunities and events at https://gdit.com/tc.
Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans