Essential Job Functions:
Attends work on a regular and predictable schedule in accordance with agency leave policy and performs other duties as assigned. Provides security and risk management services by performing risk identification, assessment, and remediation as well as regulatory and internal compliance monitoring using standards and processes as required to adequately protect HHS personnel, facilities, infrastructure, information, and business operations. Plans, creates, and implements application security program documentation (30%). Performs application security assessments and provides remediation guidance (30%). Leads and facilitates security projects and tasks (20%). Advises management and users regarding enterprise security program functions (10%). Supervises or mentors other security analysts in the performance of their duties (10%).
Knowledge Skills Abilities:
1. Excellent written and verbal communication skills.
2. Superior problem-solving skills and the ability to comprehend complex technical topics quickly.
3. Skill at creating and implementing security program policies, standards, controls, and procedures.
4. Skill at performing risk assessments and security assessments, and at forming mitigation alternatives in defining compensating controls.
5. Broad technology skills in networking, operating systems, applications, and databases.
6. Knowledge of network technologies, including wireless and mobile platforms.
7. Knowledge of incident response concepts and processes.
8. Knowledge of compliance requirements including HIPAA/HITECH, PCI, SOX, 1 TAC 202, IRS Publication 1075, Texas Business and Commerce Code, and Texas Health and Safety Code.
9. Knowledge of security and risk frameworks including NIST, SANS, HITRUST, ISO, and COBIT.
10. Knowledge of OWASP Secure-Software Development Lifecycle (S-SDLC) methodologies and processes and the Software Assurance Maturity Model (SAMM).
11. Experienced in creating threat risk models, such as those using STRIDE & DREAD.
12. Developer in one or more coding/scripting languages, e.g., C, C++, Java, JSP, .NET, ASP.NET, Visual Basic, VBScript, JavaScript, PL/SQL, or Oracle DB/MS SQL Server.
13. Experienced in reviewing web-based solutions developed in HTML5, DHTML, CSS, and JavaScript.
14. Experienced in performing application security assessments for all types of applications: internet, extranet, intranet, mobile, etc.
15. Experienced with the use of application security tools/source code analyzers, e.g., HP Fortify SCA, IBM Rational AppScan.
Registration or Licensure Requirements:
Prefer one or more of the following: Certified Information Systems Security Professional (CISSP), Certified Secured Software Lifecycle Professional (CSSLP), Certified Ethical Hacker (CEH), EC-Council Certified Secure Programmer (ECSP), EC-Council Certified Security Analyst (ECSA), Licensed Penetration Tester (LPT), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), GIAC Security Essentials Certification (GSEC), GIAC Web Application Penetration Tester (GWAPT), CompTIA Security+.
Initial Selection Criteria:
Overall experience in the security field, good writing and analytical skills.
Additional Information:
Graduation from an accredited four-year college or university with major coursework in data processing, computer science, or a related field is generally preferred. Equivalent experience may be substituted on a year-for-year basis. Applicants selected for interview may be administered a practical skills exercise. A criminal background check is required for this position.
In compliance with the Americans with Disabilities Act (ADA), HHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.
Note: Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position include: Army: 25B, 25D, 35Q, 35T, 255A, 255S, 53A; Navy: CT, IT, 181X, 182X, 183X, 184X, 642X, 644X, 645X, 742X, 743X, 744X, 745X; Coast Guard: 205, OS, 26, 030, 040, C4I11, ISM, OSS; Marine Corps: 0651, 0659, 0681, 0689, 0605, 0650, 8858; Air Force: 1A8X1, 1B4X1, 3D0X3, 3D1X2, 14NX, 17CO, 17DX, 17SX. For more information see the Texas State Auditor’s Military Crosswalk at http://www.hr.sao.state.tx.us/Compensation/JobDescriptions.aspx
Req ID: 303689
HHS agencies use E-Verify. You must bring your I-9 documentation with you on your first day of work.