We are seeking a Security Task Lead and Cyber Security Engineer who is innovative, dedicated, and highly motivated to solve challenging problems for our client, the Division of Federal Systems (DFS) for the Office of Child Support Enforcement (OCSE).  

Our team provides program support to DFS OCSE to manage and monitor the development, implementation, operation, maintenance, technical support, and enhancement of the division’s systems and services. Federal Parent Locator Service (FPLS) information is, by statute, made available to child support agencies and a limited number of federal and state agencies. These secure systems and services help child support agencies, employers, insurers, and financial institutions exchange information about child support cases; locate parents; establish paternity, custody and visitation; collect support; and identify fraud.

Currently, this role is remote. Once COVID restrictions are lifted, the work location for this position is the Department of Health and Human Services Mary Switzer Building near Federal Center Southwest in Washington, D.C.

The ideal candidate enjoys managing a team and will find satisfying the challenges and opportunities provided by a fast-paced, customer-oriented environment.  If you want to work with a dynamic group of dedicated technical professionals on a collaborative team that supports a critical mission, we encourage you to apply.  

Responsibilities:

• Ensure all security deliverables and tasks are completed and delivered on time
• Participate as security lead in customer-facing meetings such as Governance, Technical operations, change advisory board, and technical review boards.
• Provide guidance to the design and development teams to ensure compliance with Federal mandates, OMB and NIST guidelines, Health and Human Services (HHS), Administration for Children and Families (ACF), and  FPLS security requirements.
• Provide guidance to the design and development teams on security issues and assist as needed in the development of security documentation for Security Authorization.
• Serve as a Subject Matter Expert (SME) on application and network security topics as well as emerging security technologies.
• Participate in routine and on-demand system and application vulnerability scanning, document findings and recommendations, and present analysis of results to stakeholders. 
• Participate in the continuous monitoring of FPLS systems and applications in support of the security authorization process through system development life cycle, risk assessments, vulnerability testing, inventory and configuration audits, technical and physical assessments, and development of security documentation. 
• Serve as one of the Security team’s representatives to the Data Access team to ensure data sharing and research partners adhere to FPLS security requirements.
• Support the development and maintaining of security policies, procedures and required documentation for security compliance with Federal mandates, OMB and NIST guidelines, HHS/ACF and FPLS requirements.
• Support the Office of Child Support Enforcement (OCSE) management, the ACF CISO, ACF Cyber Security Office, and HHS Chief Information Security Officer (CISO) to ensure FPLS compliance with ACF and HHS security requirements.
• Assist the FPLS ISSO, FPLS ITSSO and Technical Manager to ensure that FPLS upholds all security requirements to maintain the ACF Authority to Operate.
• Support the Security Team in responding to external audits conducted by the HHS Inspector General (IG), Internal Revenue Service (IRS) and other Federal agencies as required.
• Document and track internal POAMs for DFS systems and applications
• Assist in the development and delivery of Security Awareness Training as required.
• Participate in conducting security site assessments on data matching partner sites and FPLS contractor sites.
• Coordinate and assist customer on requisite System Security Plans (SSPs) in accordance with agency-established policies.
• Assist in the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes.
• Assess security events to determine impact and implements corrective actions.
• Participate in network and systems design to ensure implementation of appropriate systems security policies.
• Collaborate with the security team to ensure the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services.
• Develop and implement programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures.
• Promote awareness of security issues among management and ensures sound security principles are reflected in organizations’ visions and goals.
• Conduct research pertaining to the latest security vulnerabilities. and the latest technological advances in combating unauthorized access to information.
• Support the client in publishing security alerts, advisories, and bulletins.
• Conduct risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
• Support systems security evaluations, audits, and reviews.
• Develop systems security contingency plans and disaster recovery procedures.
• Develop policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data.
• Recommend technological and architectural upgrades/modifications to client's Information Systems Security architecture.
• Provide input to incident response functions when appropriate and coordinates activities with site personnel when directed by the client organization.

Skill Set (required):

• Exceptional written and verbal communication skills; a writing sample will be requested. 
• At least 5 years of professional work experience in a cybersecurity role.
• People management experience
• Web application development knowledge
• Demonstrated experience and understanding of Information Assurance in the following specialties: Internet and Intranet Applications and Authentication; and Physical, Personnel, Network, Computer, Information, Operational, Administrative, and Communications Security.
• Experience with handling multiple tasks simultaneously, and the ability to work independently in a high stress environment with an orientation towards customer service.

Desirable Qualifications

• Security or IT certifications (e.g. CISSP, CISA, MCSE, C|EH,etc.) related to the security of web and portal developments.
• Knowledge of FedRAMP and cloud computing
• Knowledge of Network infrastructure and ability to analyze network diagrams
• Knowledge of mainframe technologies (z/OS,DB2)
• Knowledge of web application vulnerability scanning tools such as IBM AppScan
• Knowledge of the Child Support Enforcement program and system operations.
• Experience in handling sensitive data sources and distribution of data containing personally identifiable information.
• Mainframe processing knowledge a plus