Senior IT Security Analyst - SITSA24-17609

Job Title: Senior IT Security Analyst Location: Quincy, MA (Hybrid) Duration: 6 months (Extension likely) Job Description: We are seeking a Senior IT Security Analyst to join our team supporting the Medicaid Management Information System (MMIS). This role will focus on identifying, deploying, and integrating security controls into the MMIS system, ensuring robust security throughout its lifecycle. Responsibilities include collaborating with security teams, assisting with security audits, addressing vulnerabilities, and supporting the integration of security tools like Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) into the development process. The ideal candidate will contribute to enhancing the security posture of MMIS systems, particularly as they migrate to AWS cloud services. Key Responsibilities: Implement security best practices for AWS-hosted applications, leveraging AWS security and monitoring tools. Collaborate with internal security teams to identify and address vulnerabilities in infrastructure and application code. Integrate security tools (SAST, DAST, SCA) into the MMIS Software Development Lifecycle (SDLC) to improve early detection and remediation of threats. Contribute to the development of security standards, secure frameworks, and educational materials for developers. Present and defend risk detection and mitigation strategies to business and IT stakeholders. Assist in defining technical security requirements for the MMIS environment. Qualifications: Extensive experience implementing security best practices in AWS environments. Familiarity with DevOps practices and CI/CD pipelines (e.g., GitLab). Strong understanding of application security, including web and API development. Experience with healthcare IT systems or Medicaid systems is a plus. Education and Experience: Associate's degree in Computer Science, Information Systems, or a related field (or equivalent work experience). Professional certifications such as CompTIA Security, AWS Security Specialty, (ISC)2 CCSP, or GIAC GSEC preferred. 3 years of experience in application and infrastructure security. Familiarity with security frameworks (NIST 800-53, FEDRamp, ISO 27xxx) and AWS security tools. Strong technical documentation, writing, and analytical skills.