As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors.
Perform complex risk analyses which also include risk assessment.
Integrate with development teams to ensure that software designs and implementations align with security requirements and best-practices.
Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
Support customers at the highest levels in the development and implementation of doctrine and policies.
Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
Perform analysis, design, and development of security features for system architectures.
Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.
Performs technical application engineering services to support the development of a cohesive identity and access management strategy.
Provides expert level services in the areas of designing, constructing, and implementing secure systems and supporting processes in order to protect the privacy, security, integrity, and availability of systems, patients’ sensitive protected health information, and personal identifiable information.
Provides expert consulting services, policy development support, and standards testing in order to ensure compliance with all industry health IT standards, health IT certification requirements, and Meaningful Use requirements as defined in FISMA, Privacy Act, and HIPAA.
Assists with implementation of counter-measures or mitigating controls.
Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.
Prepares incident reports of analysis methodology and results.
Provides guidance and work leadership to less-experienced technical staff members, and may have supervisory responsibilities.
Maintains current knowledge of relevant technology as assigned.
Participates in special projects as required.
Bachelors Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.Qualifications
8-10 years of related experience in application security
Candidate must be able to achieve clearance of Public Trust Level 6
An understanding of Software Development Lifecycle (SDLC) is required
Proven ability to perform on a remote/distributed team
An understanding of the Department of Health and Human Services (HHS) Enterprise Performance Life Cycle (EPLC) is desired
Work experience with Electronic Health Records (EHR) highly desired
Knowledge of the VistA electronic health record or Resource Patient Management System (RPMS) preferred
Familiarity with Agile Methodology desired
Federal Information Security Management Act
Electronic Medical Record