Staff Engineer, Security Architect

Responsibilities

• Develop, implement, and maintain the organization's information security strategy and policies to protect sensitive (PII/PHI) data, infrastructure, and intellectual property.
• Serve as the primary point of contact for all information security matters, including risk assessment, vulnerability management, and incident response.
• Collaborate with IT and business stakeholders to ensure that security is incorporated in the design, development, and implementation of new and existing systems and applications.
• Develop and oversee the implementation of security controls, procedures, and guidelines in compliance with CMS Acceptable Risk Safeguards (ARS), Federal Information Security Management Act (FISMA) requirements, and other applicable regulations.
• Perform regular security audits and assessments to identify vulnerabilities, threats, and risks, and recommend appropriate mitigation strategies.
• Oversee the Authority to Operate (ATO) process, ensuring that all necessary security documentation, such as System Security Plans (SSPs), Adaptive Capabilities Testing (ACT), and Plans of Action and Milestones (POA&Ms), are developed, maintained, and submitted in a timely manner.
• Lead incident response efforts, including investigation, containment, and remediation of security incidents and coordinating with relevant stakeholders and external parties.
• Establish and maintain relationships with external security vendors, partners, and agencies to enhance the security posture and obtain threat intelligence.
• Provide security awareness training and education to employees, contractors, and partners, promoting a culture of security consciousness within the organization.
• Evaluate and recommend new security technologies, tools, and best practices to enhance the organization's security capabilities and defenses.
• Monitor and report on the organization's security posture and the effectiveness of security controls, providing regular updates to senior management and key stakeholders.
• Develop and maintain documentation of security policies, procedures, standards, and guidelines, ensuring they remain current and relevant.
• Provide expert guidance and mentorship to junior team members, fostering their professional growth and development.
• Participate in industry conferences and forums to stay current on the latest trends, technologies, and best practices in information security.
• Serve as a subject-matter-expert in security with clients, working to build trust in Bellese’s approach and qualifications.

Qualifications

• A Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• CISSP, CISM, or other relevant security certifications.
• A minimum of 7 years of experience (10+ preferred) in information security, with at least 5 years in a leadership role.
• In-depth knowledge of CMS security requirements, FISMA, NIST security frameworks, and other applicable regulations.
• In-depth knowledge and experience using the CMS CFACTS tool.
• Strong experience delivering AWS-based cloud solutions that leverage EC2, ECS, Lambda, Cloudwatch, SNS, SQS, EventBridge, S3, RDS, DynamoDB, Glue, Elasticsearch, RedShift, ElastiCache, Athena, KMS, Secrets Manager, Security Hub, Inspector, Certificate Manager, and more.
• Strong experience working with Java, Spring Boot, Python, Go, JS/TS, Angular, and other languages/frameworks.
• Strong experience working with Terraform, Jenkins, Git/Github, New Relic, Tenable Nessus, SonarQube, Snyk, and other DevSecOps technologies.
• Strong knowledge of information security principles, technologies, and best practices.
• Strong knowledge of industry standards and government regulations related to information security.
• Excellent communication, interpersonal, and leadership skills.
• Strong analytical, problem-solving, and decision-making abilities.