Cybersecurity Analyst

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• 3+ years of experience in cybersecurity analysis, assessment, or compliance roles in healthcare, government, or regulated IT environments.
• Experience with Cherokee Native American Culture and Indian Health personnel required
• Strong knowledge of NIST 800-53 and the Risk Management Framework (RMF), including security control assessments and POA&M management.
• Experience conducting vulnerability assessments and analyzing scan results.
• Knowledge of networking concepts including TCP/IP, ports, protocols, encryption standards (SSL/TLS), and secure network architecture principles.
• Understanding of authentication methods such as MFA, SSO, and identity federation.
• Experience with cloud environments (e.g., AWS, Azure, OCI) and applying security best practices to cloud-hosted services.
• Experience securing Windows and Linux operating systems.
• Familiarity with container technologies (Docker, Kubernetes) and associated security controls.
• Understanding of healthcare data privacy regulations (HIPAA) and federal information security standards (FISMA).
• Experience with DISA STIG validation and remediation.
• Ability to develop and maintain PPS documentation and security artifacts.
• Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Visio).
• Must be able to obtain a Public Trust Level 5 clearance.
• Ability to travel up to 25% of the year, if needed.

Nice To Haves

• Masters degree strongly preferred.
• Security certifications such as CompTIA Security+ CE, CISSP (Associate or full), CISM, or equivalent.
• Experience supporting federal ATO processes and interacting with Authorizing Officials (AOs).
• Advanced knowledge of encryption technologies, key management systems, and secure data transmission methods.
• Experience with zero-trust architecture implementation in federal healthcare environments.
• Familiarity with scripting languages (PowerShell, Python) to automate security analysis and reporting.
• Experience reviewing and securing healthcare interoperability standards (HL7-MLLP, FHIR, HTTPS).
• Experience supporting large-scale federal EHR implementations or healthcare IT modernization programs.
• Strong analytical and documentation skills with experience producing high-quality cybersecurity artifacts.
• Excellent organizational and time management skills with the ability to manage competing priorities.
• Ability to communicate effectively with engineers, architects, government stakeholders, and medical system owners.
• Ability to work independently within structured federal compliance frameworks.
• Proficiency with Adobe Acrobat Professional.

Responsibilities

• Conduct security assessments and support Authorization to Operate (ATO) activities under the NIST Risk Management Framework (RMF).
• Analyze security scan results (e.g., ACAS, Nessus, container scans) and track remediation efforts to closure.
• Perform continuous monitoring activities and maintain security documentation to support compliance with NIST 800-53 controls.
• Review and validate secure configurations across Windows, Linux, cloud, container, and network environments.
• Support the assessment of medical device integrations and EHR system interfaces to identify cybersecurity risks.
• Evaluate and document Ports, Protocols, and Services (PPS) requirements and maintain the PPSM Master List for EHR-related systems.
• Review firewall rules, boundary protections, IDS/IPS configurations, and secure network architecture diagrams.
• Assist in reviewing and validating DISA Security Technical Implementation Guides (STIGs) compliance.
• Assess authentication and access control implementations including MFA, SSO, RBAC, and privileged access management.
• Review Interface Control Documents (ICDs) and Interconnection Security Agreements (ISAs) to ensure cybersecurity requirements are met prior to submission.
• Support incident response efforts by analyzing logs, alerts, and security events impacting the EHR environment.
• Develop and maintain security documentation including Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, and change requests.
• Provide cybersecurity recommendations to engineering and architecture teams to mitigate risk across cloud and on-prem environments.
• Assist in ensuring HIPAA and federal data privacy safeguards are implemented to protect patient information.

Benefits

• Full-flex work week
• 401K with company match
• Comprehensive health and wellness packages
• Internal mobility team
• Professional growth opportunities including paid education and certifications
• Cutting-edge technology
• Paid vacation and holidays
• 15 days of paid leave per calendar year
• 10 paid holidays per year
• Paid Family Leave program (up to 160 hours)
• Short and long-term disability benefits
• Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance