Responsibilities
Peraton is seeking a highly skilled Information Privacy and Security Engineer to lead security engineering, governance, risk and compliance activities for a mission‑critical systems contract with the federal government. This role oversees day‑to‑day operational security, ensures adherence to federal cybersecurity and privacy requirements, and drives continuous security improvement across O&M and system enhancement workstreams. The manager partners with program leadership and operations teams to maintain Authority to Operate (ATO), safeguard Protected Health Information (PHI), and deliver reliable, compliant services at scale.
Duties and Responsibilities:
- Own the security architecture and control implementation across application, infrastructure, and cloud layers, aligned with NIST SP 800‑53 control baselines, FIPS 199/200 categorization, and CMS security policies.
- Drive vulnerability management (scan triage, remediation SLAs, patch governance) and configuration baselines (e.g., DISA STIGs, CIS Benchmarks, SCAP).
Compliance, Risk Management Framework (RMF) and Audit Readiness:
- Lead end‑to‑end Risk Management Framework (RMF) activities (NIST SP 800‑37), including security categorizations, control tailoring, System Security Plan (SSP), security assessment, POA&Ms, and continuous monitoring to sustain ATO.
- Ensure compliance with the HIPAA Security Rule (45 CFR 64) for PHI, CMS Acceptable Risk Safeguards (ARS), OMB Circular A-130, and HHS policies.
- Coordinate internal/external audits (IG, CMS, third-party assessors), evidence collection, and control testing; maintain impeccable documentation.
- Lead incident response lifecycle for PHI/PII incident reporting: triage, containment, eradication, recovery, forensics coordination, root cause analysis, and required notifications/reporting.
- Manage access control, identity and MFA, privileged access, vulnerability tracking, and continuous monitoring dashboards; ensure reliable backup/restore and regular disaster recovery exercises.
- Enforce data classification, encryption (in transit/at rest), key management, and tokenization aligned with CMS/HHS requirements.
- Contribute to risk registers and monthly program security status reporting, presenting succinct updates to CMS stakeholders.
- Translate complex security concepts into clear, actionable guidance for technical and non‑technical audiences.
- Collaborate closely with Program Management, Engineering, QA, Operations, and CMS counterparts.
- Contribute to security requirements for contract renewals and new contract bids.
Qualifications
Basic Requirements:
- Minimum of 8 years with BS/BA in Computer Science, Information Security, or related field; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
- Experience in cybersecurity across engineering, compliance, and operations.
- 3+ years in security leadership/management on federal programs.
- Proven experience with NIST SP 800‑53, RMF (NIST SP 800‑37), FIPS 199/200, the HIPAA Security Rule, OMB A-130, and CMS policy frameworks (e.g., CMS ARS).
- Hands-on with SIEM/EDR, vulnerability management, cloud security architectures (AWS GovCloud/Azure Government), network segmentation, zero trust principles, and DevSecOps tooling.
- Strong documentation skills (SSP, ISRA, SAR, POA&M, Contingency Plans, runbooks, playbooks) and audit engagement.
- US Citizenship is required.
- Must have the ability to obtain and maintain a Public Trust clearance.
Preferred Qualifications
- Certifications: CISSP, CISM, CAP, CCSP, CASP+, Security+, or equivalent.
- Cloud security certs (e.g., AWS Security Specialty, Azure Security Engineer Associate).
- Experience with TIC 3.0, NIST SP 800‑63 (digital identity), NIST SP 800‑30 (risk assessment), configuration baselines (DISA STIGs/CIS), and FedRAMP-aligned controls.
- Background in large-scale healthcare/Medicare environments and PHI/PII safeguarding.
- Familiarity with continuous ATO, automated compliance (policy-as-code), and modern IaC pipelines.
- Must be US Citizen or Lawful Permanent Resident
- Must be able to obtain a Public Trust clearance
- Problem-solving mindset with the ability to take initiative and work independently.
- Comfortable in a fast-paced, iterative development environment.
- Experience working with the federal government, particularly with the Centers for Medicare & Medicaid Services (CMS).
Target Salary Range
$104,000 - $166,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.