Excentium Inc. is a veteran owned small business that provides Cyber Security Engineering, Information Assurance (IA), management, Certification and Accreditation (C&A), and other IT services to government and commercial organizations.

We have an opportunity for a Cybersecurity Engineer 4 supporting one of our Federal customers in the Charleston SC. area.

MINIMUM CLEARANCE LEVEL: Secret

CITIZENSHIP: US Citizenship

LOCATION: FT. Detrick MD (Fredrick MD.)

Medical Device Cybersecurity Analyst 

Key Skills:

As a Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM), Contractor personnel shall provide C&A, cybersecurity, and lifecycle management guidance for medical devices/systems deployed throughout the AF in accordance with the timelines established within the project management plan for each IA certification.  This support functionality shall include the following responsibilities:

• Assists in the development of multiple vendor C&A (RMF, DIACAP, PIT, etc.) artifact documentation to be used in the accreditation process.  Upload C&A artifact documentation/notes into appropriate tracking tool
• Assists in conducting Independent Verification and Validation (IV&V) of medical devices from various vendors and Original Equipment Manufacturers (OEMs).  This includes interpreting results, ensuring proper implementation of controls, ensuring proper configurations, etc.  These efforts are all based on Department of Defense Instructions (DoDI), AFIs, DHA Administrative Instructions, Federal Drug Administration (FDA) Guidelines, and current industry standards.
• Updates security documentation related to reaccreditations, annual reviews, accreditation updates, and when configuration changes are made to the device/systems and upload into the Medical Device IA tracking tool and Enterprise Mission Assurance Support Service (EMASS) web-based application, no later than (NLT) three (3) business days after updates are received from the vendor, MTF, DHA or other AF agencies (Deliverable 2).
• Ensures medical device manufacturers and vendors are informed on properly configured medical device systems based on up-to-date DoD/DHA/AF C&A security policy requirements and guidance.
• Advises medical device manufacturers and AF/DHA network security teams on proper medical device patch management processes that includes a requirement for vendors to validate patches prior to installation.
• Utilizing the approved/standard PMO weekly update template (to be provided by the respective PMO after contract award), provides weekly status reports to the PMO Leadership.  This report shall include a summary of all contractor work performed, travel, system status, and concerns/recommendations for improvements NLT 4:00 PM local time each Monday (or next business day if Monday is a holiday) (Deliverable 3).
• Registers, maintains, uploads documentation, and updates the accreditation status for all assigned projects into the Medical Device IA Tracking Tool and Government web-based application for EMASS.  
• Works with the vendors and MTFs to maintain the accreditation of systems and ensure that reaccreditations are completed in a timely manner prior to the expiration of a system’s accreditation.
• Works with the vendors and MTFs to complete quarterly reviews of DIACAP accredited systems and submit to DHA on the 26th of each month and monthly scans are due the 26th of each month for systems accredited under RMF (Deliverable 10).
• Assists in responding to USCYBERCOM taskers that affect AF Medical Devices.
• Consults with equipment manufacturers and other DoD agencies to obtain information they can use to advise and assist the CE and PMO Leadership in producing sound engineering solutions to enhance the security posture of the medical device systems being deployed
• Interfaces with numerous medical user representatives, commercial device manufacturers, the DHA Cybersecurity Division, and in some cases, other agencies with AF, DHA and DoD C&A. 

These interactions/communications include, tasking’s such as: 

cybersecurity risk assessments (RA), tests and evaluations, technology evaluation and integration, network design, network security applications (Public Key Infrastructure [PKI], Virtual Private Networks [VPN], firewalls, Intrusion Detection Systems, etc.), IA web site information, research and evaluation on Cybersecurity matters, incident response and reporting, AFMS, MHS, RMF, DIACAP/Command, Control, Communications, and Computer Intelligence Support Plan (C4ISP) security documentation, technical papers, white papers, military staff package preparation, evaluation of applicable standards of The Joint Commission, Health Insurance Portability and Accountability Act (HIPAA), wireless technologies, and privacy issues.

Education:  Bachelor of Science in Computer Science or five (5) years, within the last 7 years, commensurate experience in developing C&A artifacts/documentation, IA/Cybersecurity, or systems/network engineering.  

Experience: Have 5 years working knowledge of how medical devices/systems work and interface with other medical devices and medical Automated Information Systems (AISs).  Contractor personnel shall fully understand security requirements as it relates to all types of C&A (RMF, DIACAP, PIT, etc.).  Contractor personnel shall also have a basic understanding of the relationship between commercial-off-the-shelf medical devices, the Food and Drug Administration regulatory requirements, medical device lifecycle management, and the AF Medical Service’s (AFMS) use of these devices.

Certifications: Shall be a CISSP or CISM and maintain the certification in good standing in accordance with (IAW) DoD 8570.01-M

Active Secret Clearance Required

Excentium offers a competitive salary and comprehensive benefits package, including medical, dental, life, disability, 401k, and paid time off.

Interested candidates should apply at the following web site: http://www.applicantstack.com/client/Excentium/x/openings for immediate consideration.

Excentium, Inc. is an equal opportunity employer.