Umyuaq Technology, Part of the Wood River Federal group of companies, primarily focused on providing information technology (IT) support services and personnel to various government customers. We help our customers leverage technology and operate with total confidence in their technology resources' predictability, security, and reliability to meet business objectives by providing a wide array of professional services and products. Umyuaq Technology is looking for a qualified RMF Data Security Analyst II (Cyber Security Analyst) to support our contract at the Madigan Army Medical Center (MAMC), located at Joint Base Lewis-McCord (JBLM) Washington (WA). MAMC is a 196-bed Health Readiness Platform (HRP)
We're seeking an RMF Data Security Analyst II (Cyber Security Analyst); you'll perform complex cyber technical analysis for new and existing technologies, vendors, and hardware to identify and mitigate cybersecurity risk to Government systems. Utilize cutting-edge cyber technology to make secure design recommendations and identify threats and vulnerabilities with technology implementations and current production systems. Collaborate with other cybersecurity teams, such as cyber incident response, tools and technologies, and engineering, to help make risk-based decisions to mitigate cybersecurity risk. Collaborate with other team members on current vulnerabilities and threat actor's tactics, techniques, and procedures.
- ICW Defense Health Agency (DHA) CyberLOG and J6 Health Information Technology teams research and pursue RMF authorizations on MAMC Medical Devices scheduled to be accredited ICW (In Conjunction With) DHA.
- Primary focus areas are systems that include but are not limited to the Laboratory, Pharmacy, Informatics, Radiology, Infusion Pumps, Ventilators, Anesthesia Units, Fetal Monitors, and Physiological Monitors. The highest priority continues to be medical devices, those currently holding valid authorizations, and COVID-related Medical Device Equipment (MDE).
MAMC performs medical device cyber security site activities including but not limited to:
- Perform Tenable Nessus Security Center vulnerability scans on medical devices, servers, workstations, and med device device-related equipment in various departments of the medical center, which are used to ID vulnerabilities and harden MDs
- Develop and validate hardware and software lists ICW CyberLOG personnel and vendors
- Develop and validate CKLs (Checklists) ICW CyberLOG personnel and vendors
- Develop and validate Ports, Protocols, Services (PPSM) documents ICW CyberLOG personnel and vendors
- Develop and validate security plan documents ICW CyberLOG personnel and vendors
- Develop and validate control documents ICW CyberLOG personnel and vendors
- Develop and update plans of action and milestones (POAM) ICW CyberLOG personnel and vendors
- Develop and validate any additional documentation and artifacts ICW CyberLOG personnel and vendors
- Continuous monitoring and sustainment activities ICW CyberLOG personnel and vendors
- Update eMASS and CStar as required
- Gather artifacts to produce agenda and minutes for the MAMC Change Control Board (CCB). ICW MAMC IT leadership runs the control board.
The essentials -
- Three (3) to (5) years of Cybersecurity experience.
- Have a CompTIA Advanced Security Practitioner (CASP) certification or equivalent.
- Certified Information Systems Security Professional (CISSP)
- Must be a US Citizen
The preferred -
- Bachelor's degree.
- Certified HealthCare Information Security Leader (CHISL)
- Certified Digital Healthcare – Executive (CDH-E)
- ITILv3 Foundations- Information Technology Infrastructure Library
- Experience with risk assessments and penetration testing using open-source or commercially available technology.
- Experience in applying DoD/ IT architecture, interrelationships among multiple IT specialties, new IT developments and applications, emerging technologies and their application to business processes; IT security concepts, standards, and methods; project management principles, methods, and practices; and oral and written communication techniques sufficient to serve as a subject matter expert in cybersecurity/IA and manage assigned IT projects and program.
- Experience in total infrastructure protection environment; system security certification and accreditation requirements and processes; and Federal information systems protocols to integrate information systems security with other IT and security disciplines; manage network and systems accreditation; and ensure coordination and collaboration on various security activities.
- Experience in IT and cybersecurity concepts, principles, and practices required to plan and evaluate Information Security (IS) programs for Automated Information Systems.
Umyuaq Technologies offers a competitive Pay and Benefits package. Umyuaq is an equal opportunity employer
Job Type: Full-time
- 401(k) matching
- Dental Insurance
- Employee assistance program
- Health insurance
- Paid time off
- Vision insurance
- 8-hour shift
- Monday to Friday