Job Description :
Direct End Client: Maryland Department of Information Technology (DoIT)
Job Title: Systems Security Specialist
Duration: 36 Months
Start Date: 12/03/2018
Location: Baltimore, MD 21202
Position Type: Contract
Interview Type: In Person or Telephonic or Webcam
Requirement ID: SMD_HD718_SS

Required Skills:
A minimum of eight (8) years of experience in analysis and definition of system security requirements.
A minimum of five (5) years of experience in performing static analysis of applications using different tools and technologies such as Fortify, AppScan, Veracode, SonarQube.
A minimum of five (5) years of experience in performing dynamic / customized security analysis of web applications using various tools and technologies to perform penetration testing and identify vulnerabilities/security issues and suggesting remedial measures.
A minimum of three (3) years of experience in defining computer security requirements for high-level applications and evaluating approved security product capabilities.
A minimum of two (2) years of experience working with Web Application Firewall (WAF), Content Delivery Network (CDN) tools such as Akamai, Incapsula, AWS WAF, Cloudflare.
Active CISM, CISSP, CISA, or other Security Certifications
Experience in performing Security Incident Response and Forensics evaluation with SIEM Tools.

Preferred Skills:
A minimum of five (5) years of specialized experience in defining computer security requirements for high-level applications, evaluation of approved security product capabilities, and developing solutions to MLS problems.
Demonstrated understanding of information security concepts and regulatory compliance requirements.
A minimum of seven (7) years of experience with performing security assessment of infrastructure, applications, and static/dynamic code analysis for web applications in Java, JavaScript.
Experience with assessment and evaluation of information systems to recommend changes, mitigate threats, risks, and vulnerabilities. Conduct Incident Response testing to evaluate processes for detection, response, and reporting of security incidents.
Experience in developing DISA STIGS, IRS/CIS Benchmark style hardening checklists to establish system security baseline documentation.
Experience with administering and maintaining all security architecture technology solutions including SIEM, vulnerability management, anti-virus management, database monitoring and encryption, IDS/IPS, Data Loss Prevention, and Web Application Firewall.
A minimum of four (4) years of experience in managing computer systems and utilizing Tenable Security Center to manage security vulnerabilities and compliance configurations.
Experience as a Certified Ethical Hacker.
Experience with network implementation of Cisco Routers & Switches, CISCO ASA & Fortinet Firewall.
A minimum of five (5) years hands-on experience in implementing Minimum Acceptable Risk Standards for Exchange (MARS-E 2.0) based on NIST SP 800-53 rev4 Security and Privacy Controls.
A minimum of five (5) years hands-on experience in NIST SP 800-37 applying Risk Management Framework.
ITIL v3 or equivalent Certification, ISCC certification.
Experience working and developing with PMO processes, policies and procedures.

Department: MHBE – Information Technology

Description: The Maryland Health Benefit Exchange (MHBE) created a website and call center operating under the name Maryland Health Connection (MHC Through MHC, Maryland residents explore health insurance plans, compare rates, and determine their eligibility for advanced premium tax credits (APTC), cost sharing reductions (CSR) and public assistance programs such as Medicaid and the Maryland Children’s Health Insurance Program (MCHP
MHBE seeks up to one (1) Senior Systems Security Specialist to provide system security services for the Maryland Health Benefit Exchange (HBX) system.

Responsibilities:
Conduct Static and Dynamic Application code and security vulnerability testing.
Conduct Penetration testing on Enterprise applications and recommend remediation using available tools and technologies.
Educate and support application developers and administrators in fixing security vulnerability issues in all tiers of applications including network, database and web/application servers.
Incident Response and Forensics evaluation using security information and event management (SIEM) tools
Work with Systems and Network Administrators to evaluate and enforce security controls and hardening rules as determined by industry standards for state and federal security compliance requirements.
Integrate applications with SIEM tools and log aggregation / analysis tools such as Splunk.
Ensure that the MHBE system security requirements are addressed during all phases of the system development life cycle.
Conduct daily/weekly security audit log reviews and report any suspicious activities.
Conduct security impact analysis of controls on proposed system changes.
Conduct ongoing security reviews and tests of the MHBE systems to periodically verify that security and operating controls are functional and effective.
Review and update systems security documentation and artifacts such as SSP, ISRA, PIA, SSR, CAP and POA&Ms.
Create and track POA&M requirements for resolving security findings.
Adhere to all security, change control and MHBE Project Management Office (PMO) policies, processes and methodologies.
Note: The candidate must have the flexibility to work overtime, as needed, to include weekends, holidays, and off-hours.


V Group Inc. is an IT Services company which supplies IT staffing, project management, and delivery services in software, network, help desk and all IT areas. Our primary focus is the public sector including state and federal contracts. We have multiple awards/contracts with the following states: AR, CA, DE, FL, GA, IL, KY, MD, ME, MI, NC, NJ, NY, OH, OR, PA, SC, TX, VA, and WA. If you are considering applying for a position with V Group, or in partnering with us on a position, please feel free to contact me for any questions you may have regarding our services and the advantages we can offer you as a consultant.

Please share my contact information with others working in Information Technology.

Website:
Twitter: VGroupITServices@VGroupITService
Facebook: