Join the team supporting the Centers for Medicare & Medicaid Services (CMS) as it merges and modernizes its enterprise knowledge and data systems into a single, AI-driven platform, reducing manual effort, improving data accuracy, and enhancing transparency for stakeholders.
Find and prioritize what matters. Run vulnerability and security scans, then build a clear, prioritized list of weaknesses based on severity, known exploitation, and exploitation probability using intelligence sources like the CISA KEV catalog and EPSS.
Automate security into the pipeline. Embed security tooling such as Snyk, Trufflehog/GitLeaks, Tenable, and AWS Inspector into CI/CD so vulnerabilities are caught and reported before they ship.
Modernize compliance, hands-on. Help drive the move toward Continuous ATO (cATO) and near-real-time compliance monitoring using AWS Security Hub, Config, and Audit Manager, plus the CMS GRC system of record (CFACTS).
Build and feed continuous monitoring. Implement monitoring of production runtime environments for vulnerabilities and compliance drift, and make security and compliance reporting available on demand.
Track and close the gaps. Document vulnerabilities, misconfigurations, and compliance deviations, and support POA&M creation and remediation tracking to keep system ATOs healthy.
Keep us aligned to the standards. Support compliance with CMS and federal requirements such as NIST RMF, ARS, and IS2P2 within a FISMA Moderate boundary.
Harden access. Help implement least-privilege, role-based access controls aligned to Zero Trust objectives and support regular access reviews and audits.
Raise the flag early. Identify, document, and communicate security risks tied to modernization efforts so they get to the right stakeholders before they become problems.
Requirements
A bachelor’s degree in computer science, information systems, cybersecurity, or a related field.
3–5 years of experience in security engineering, cybersecurity, or a related role.
Hands-on experience with vulnerability scanning and management tools (e.g., Tenable, AWS Inspector, Snyk, Trufflehog, or GitLeaks).
Working knowledge of AWS security and compliance services (Security Hub, Config, Audit Manager) or comparable cloud-native tooling.
Familiarity with security compliance and the Authority to Operate (ATO) process, including POA&Ms and continuous monitoring.
Understanding of federal security frameworks such as NIST RMF, ARS, or IS2P2 (or a strong willingness to learn them quickly).
Comfort scripting and automating in Python or Bash and integrating tooling into CI/CD pipelines.
Solid problem-solving skills and the ability to collaborate across multiple stakeholders.
Tech Stack
AWS
Cloud
Cyber Security
Python
Benefits
Medical, dental, vision insurance (fully paid for employees)
15 days of paid leave
7 days of sick leave
2 days bereavement leave
11 paid Federal holidays
Up to 40 hours for jury duty
401(k) with 4% employer contribution (and no vesting period)
Up to 4 weeks of paid paternity and maternity leave
Company-provided laptop
$5,000 per year for professional development
$600 per year for technical supplies and equipment
$2,000 referral bonus
Life and disability insurance
HSA and FSA
Legal Shield and ID Shield Voluntary Benefits
Opportunity to work in a collaborative, motivated team focused on modernizing government services with cutting-edge technology and innovative solutions. Who says government work can't be exciting!