This role will serve as part of the team supporting the Department of Veterans Affairs (VA) with the implementation, integration and sustainment of a fully integrated supply chain solution that provides the full spectrum of medical logistics. The Supply Chain delivers clinical care to Veterans by managing the logistics and flow of supplies and equipment. Supply Chain Management (SCM) ensures that the right equipment and supplies are available when needed, and the Supply Chain Management Product Line (SCM PL) encompasses the activities to procure resources, manage supplies, and deliver goods and services to providers and patients.
This team will be focused on implementing a scalable to support accelerated site deployment, while at the same time supporting integration with additional VA systems and sustainment of current integrations.
The team will have a blend of specific expertise and experience in SAFe Agile, Product Management, Development, Security and Operations (DevSecOps), engineering, and Data Migration.
The Cyber Security Architect has skill sets aligned with Software development, to include DevSecOps and Model Base Systems Engineering. This position is an opportunity to deploy Cyber capabilities to enable multi-domain operations through the development, acquisition, and sustainment of secure, robust, and resilient systems. This includes support for resolving technical challenges related to advanced Cyber threats through the application or development of technologies, and conducting research and technology evaluation of innovative solutions. In this position, the candidate will support our VA projects and provide hands-on development, testing, and integration of Cyber mitigation solutions aimed at improved mission effectiveness.
- Works on advanced, complex technical projects or business issues requiring state of the art technical or industry knowledge
- Ensures security requirements to protect the organization’s core mission and business processes are adequately addressed in all aspects of the enterprise architecture
- Understands internet architecture and firewall configuration to protect system security
- Employs best practices when implementing security controls
- Designs and develops security strategies for continuous integration and continuous delivery of software products and solutions
- Advises on security requirements during software design and code reviews
- Plans and designs security solutions and capabilities that enable the organization to identify, protect, detect, respond, and recover from cyber threats and vulnerabilities.
- Defines and develops security requirements using risk assessments, threat modeling, testing, and analysis of existing systems.
- Develops security integration plans to protect existing infrastructure and to incorporate future solutions
- Designs action plans for policy creation and governance, system hardening, monitoring, incident response, disaster recovery, and emerging cybersecurity threats
- Designs and implements information security standards for applications and databases
- Protects against unauthorized access, modification, or destruction and develops Information Technology security policies and standards
- Reviews system’s test plans, test results, and observe system testing for security control implementation
- Ensures site security and provides consultation on security issues staying abreast of current malware and other potential internet security threats
- Utilizes a variety of security information and event management, data loss prevention, intrusion prevention systems, and other tools in designs.
- Works with end users to determine needs of individual departments
- Partners with stakeholders to encourage the adoption of security-compatible software designs and best practices
- Keeps abreast of the latest intelligence from law enforcement and other sources of cyber threat information
- Interprets and applies required standards to maintain a strong cybersecurity posture for VA.
- 10 years of IT experience
- 6 years of professional Information Systems/Technology and Cyber Security design, implementation, and management experience performed for medium to large size businesses
- Deep knowledge of cyber, information and industrial security.
- Experience with agile project management tools.
- Strong understanding of cyber security specifications such as Risk Management Framework (RMF), STIGs and other government security specifications and guidelines
- Strong knowledge of cyber security technology and trends.
- Experience with scripting languages to automate tasks and manipulate data, preferably for enterprise data center, cloud or Hybrid environments
- Experience with integrating solutions in a multi-vendor environment
- Knowledge of enterprise logging, with a focus on security event logging
- Experience with enterprise-scale operations and maintenance environments
- Experience with programming
- Ability to multitask and solve complex technical problems
- Experience working in a multi-server environment
- Experience with SIEM, log analysis, vulnerability analysis, and some scripting experience.
- Familiarity with client specific solution components, such as Defense Medical Logistics Standard Solution (DMLSS), Military Health Services (MHS) GENESIS, LogiCole, Cerner Millennium and/or InterSystems (HealthConnect/IRIS/HealthShare), would be helpful
- Masters Degree in Computer Science, Electronics Engineering, or other engineering or technical discipline (or Bachelors Degree w/10 years of additional relevant experience may be substituted for education)
- CISSP-ISSAP (Certified Information Systems Security Professional-Information Systems Security Architecture Professional
- CISSP-ISSEP (Certified Information Systems Security Professional-Information Systems Security Engineering Professional
- Must be able to achieve a moderate (Tier 2) VA position of trust.