Published: June 22, 2022
Location: San Dimas, CA
Are you an experienced Cybersecurity Architect with CISSP certification looking to use your talents to make a difference?
At QTC, Cybersecurity Architects work in an environment that is innovative and self-governed. We create and apply new technologies in a team environment that is fun, creative and supportive. Best of all, the applications we create have a direct impact on the lives of our nation’s veterans!
Remote opportunities are available with a preference for candidates located near San Dimas, CA; San Antonio, TX; Nashville, TN; and Philadelphia, PA.
QTC is the nation’s largest provider of disability and occupational health examination services. We are PASSIONATE about our country’s veterans, UNITED as a team and INSPIRED to make a difference.
To provide high-quality, timely, and customer-focused medical examination service solutions, we honor our core values of integrity, innovation, agility, collaboration, inclusion and commitment. We celebrate diverse thinking and welcome contributions from all.
We offer meaningful and engaging careers to support you and your career goals, all while nurturing a healthy work-life balance, and we are proud to provide an employment package that attracts, develops and retains the best talent:
- Competitive compensation and quarterly bonuses
- Tuition reimbursement
- A 50% company match of your pre- and post-tax contributions up to 6% of your salary, including immediate vesting of company contributions
- Generous paid time off (minimum of 14 days/year), as well as 9 paid holidays
- Access to flexible benefits, including health and wellness programs, long and short term disability, an employee assistance program, employee referral bonuses, credit union access and flexible spending accounts
- An inclusive and ethical workplace
In this rewarding role, you will be responsible for planning, designing, creating, and maintaining the IT Security solutions and capabilities that enable the organization to identify, protect, detect, respond, and recover from cyber threats and vulnerabilities. Defines and develops security requirements using risk assessments, threat modeling, testing, and analysis of existing systems. Evaluates the design and effectiveness of IT controls based upon industry best-practice models (e.g. NIST, SOX, COBIT, ITIL, FISMA, OMB, etc.) in accordance with compliance requirements to conform to standards and regulations.
Ideally, you will have:
- Bachelor’s Degree in a related discipline w/ 5 to 9 years of relevant professional experience
- CISSP and/or CISM Certification
- Working knowledge in service-oriented architecture
- Industry recognized technology certification (e.g. MCSE, CCDP, CCIE, RHCA, etc.)
- Ability to successfully pass National Agency Check with Inquiries (NACI) background investigation
NOTE: This position has multiple levels; candidates will be “leveled in” based on years of experience at time of hire.
This job description supersedes all prior job descriptions and is intended to describe the general content and essential requirements for the position listed above. It is not to be construed as an exhaustive statement of requirements, duties and responsibilities. Management reserves the right to add or change the duties of this position as required at any time.
QTC Management Inc. is a VEVRAA Federal contractor and an Equal Opportunity Employer. The company has an ongoing commitment to affirmative action and the creation of a workplace free of discrimination, harassment and retaliation. The company recruits, hires, trains, and promotes individuals in all job titles without regard to race, color, creed, religion, ancestry, national origin, age, sex, pregnancy, sexual orientation, gender identity, genetic information, people with disabilities protected under law, and protected veteran status.
Essential Duties and Responsibilities:
- Understanding business requirements for cyber security solutions and translating these into technology-based solutions using a number of suitable portfolio offerings.
- Providing advice on technical and operational security measures designed to help defend against cyber threats.
- Leading complex deployments of cyber security portfolio solutions.
- Authorship, ownership and peer approval of High Level Design (HLD) documentation.
- Ensuring technical sign-off of Low Level Design (LLD) and operational documentation.
- Act as mentor and provide support to colleagues across the Architecture and Engineering teams.
- Provide technical input for ongoing development of portfolio and to bids, solutions and RFP documents.
- Assists in the analysis and definition of security requirements
- Assists with certifications and accreditation reviews, security test and evaluations and drafting associated reports
- Coordinates compliance remediation activities and maintains an accurate list of open and closed compliance issues for the organization
- Coordinates all internal (e.g. Leidos internal audits) and external audit events (e.g. HIPAA, NIST, SOX, Authorization To Operate (ATO) with clients, etc.), including discovery, sample delivery, management response, and remediation activities for all audits
- Works with Leidos Security team to conduct, report, and remediate findings from Intrusion Detection and other vulnerability scans
- Develops mapping for controls to a Unified Control Framework
- Perform other duties and responsibilities as assigned
- Ability to understand weight and intent of compliance requirements to provide effective and meaningful analysis
- Must be a hands-on individual who is reliable, self-motivated, and has a can-do attitude
- Experience managing and maintaining compliance within large organizations and distributed environments
- Ability to identify technical and process design gaps and recommend appropriate remediation
- Ability to prepare compliance reports and associated metrics
- Ability to work with customer audit teams to fill information requests
- Excellent negotiation and executive-level presentation skills
- Ability to multi-task and work effectively/efficiently with little direct supervision
- Excellent writing, editing, and documentation and evidence management skills
- Some travel will be required
- Must be legally eligible to work in the United States
Education and/or Experience: (includes certificate & licenses)
- Bachelor’s degree from an accredited college in Technology related discipline (e.g. Computer Science, Engineering, Information Systems, etc.) or equivalent experience/combined education
- 5 to 9 years working in compliance, information security, or internal audit covering one or more of the following: HIPAA, NIST 800-53, and Sarbanes-Oxley
- Required CISSP or CISM
- Working experience with HIPAA and one or more of the following standards and regulations: NIST 800-53, SOX, PCI
- Experience with using security tools such as Nessus, NMAP, Rapid7, and Qualys
- Must be able to successfully pass National Agency Check with Inquiries (NACI) background investigation
- Bachelor’s or better
- Executing Multiple Tasks
- Verbal Communication
- Written Communication
- Project Management
- Problem Solving
- Dedicated: Devoted to a task or purpose with loyalty or integrity
- Detail Oriented: Capable of carrying out a given task with all details necessary to get the task done well
- Team Player: Works well as a member of a group
- Growth Opportunities: Inspired to perform well by the chance to take on more responsibility
- Goal Completion: Inspired to perform well by the completion of tasks
- Self-Starter: Inspired to perform without outside help
- Work-Life Balance: Inspired to perform well by having ample time to pursue work and interests outside of work
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)