Information Assurance and Security, Lead Associate
Responsibilities
Peraton is seeking a Lead Security Analyst to join our team of qualified, diverse professionals supporting the Health State and Local Sector. The ideal candidate will lead security analysis, compliance oversight, and risk management efforts across a complex, mission critical environment. This role plays a pivotal part in ensuring secure and compliant solutions, guiding vulnerability management activities, and supporting major modernization efforts for the Centers for Medicare & Medicaid Services (CMS). The Lead Security Analyst will help shape and maintain a robust security posture, ensuring that all program capabilities adhere to CMS and Federal security standards.
Lead Security Analyst’s responsibilities shall include, but are not limited to:
- Leading all security analysis, compliance, and oversight activities for the Program.• Conducting comprehensive security assessments, including evaluation of system architecture, data flows, interfaces, and inherited controls.• Developing, maintaining, and enforcing program-wide security policies, procedures, and documentation consistent with Federal and CMS security requirements.• Managing the program’s vulnerability assessment program, including vulnerability scanning, analysis, reporting, and coordination of remediation activities.• Leading the development of risk mitigation strategies and providing recommendations to address findings from scans, assessments, POA&Ms, and audits.• Preparing and supporting all security audits, reviews, and checkpoints, including CMS security assessments, FISMA reviews, and relevant ATO activities.• Ensuring security requirements are integrated into Agile development workflows, providing direct guidance to Scrum teams, architects, and developers.• Reviewing technical designs, user stories, and system enhancements for security impacts and compliance alignment.• Monitoring regulatory and CMS security updates to ensure program compliance remains current and accurate.• Collaborating with cross functional stakeholders including engineering, operations, compliance, and program leadership to ensure secure-by-design solution delivery.• Developing and delivering security awareness and compliance training tailored to the Program needs.• Maintaining accurate and up-to-date security documentation, dashboards, and metrics reporting for program leadership.
Qualifications
Basic Qualifications:
- 5 years with BS/BA; 3 years with MS/MA
- Demonstrated experience leading security analysis, compliance, and risk management activities for large-scale Federal programs.
- Strong understanding of Federal information security standards and frameworks such as FISMA, NIST SP 80053, NIST RMF, and CMS ARS.
- Hands-on experience conducting or managing vulnerability assessments, security scanning, POA&M lifecycle management, and risk mitigation planning.
- Experience preparing for and supporting Federal security audits, assessments, and ATO activities.
- Ability to review system designs, data flows, and architecture diagrams for security considerations and compliance alignment.
- Experience working directly with Agile teams and integrating security requirements into Agile SDLC processes.
- Excellent written and verbal communication skills, with the ability to communicate with both technical and nontechnical stakeholders.
- US. Citizenship required.
- Must have the ability to obtain and maintain a Public Trust clearance.
- Must reside near or be able to work in alignment with the program’s hybrid work expectations.
Preferred Qualifications:
- Experience supporting CMS programs, including familiarity with CMS ARS, ATO processes, and CMS governance expectations.
- Relevant security certifications such as CISSP, CISM, Security+, CEH, or equivalent.
- Experience with vulnerability management platforms, SIEM tools, and security automation technologies.
- Prior experience in healthcare IT and knowledge of compliance requirements such as HIPAA.
- Experience integrating or modernizing systems in environments with legacy system dependencies.
- Experience supporting large-scale, multi-team modernization or transformation initiatives.
Peraton Overview
Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.