
Information Privacy and Security Advisor

Peraton
United States, Virginia, Herndon
Apr 16, 2026

Job Locations

US




Requisition ID
2026-165776

Position Category
Cyber Security

Clearance
Public Trust



Responsibilities

Peraton is seeking a highly skilled Information Privacy and Security Engineer to lead security engineering, governance, risk and compliance activities for a mission-critical systems contract with the federal government. This role oversees day-to-day operational security, ensures adherence to federal cybersecurity and privacy requirements, and drives continuous security improvement across O&M and system enhancement workstreams. The manager partners with program leadership and operations teams to maintain Authority to Operate (ATO), safeguard Protected Health Information (PHI), and deliver reliable, compliant services at scale.

Duties and Responsibilities:

  • Own the security architecture and control implementation across application, infrastructure, and cloud layers, aligned with NIST SP 800-53 control baselines, FIPS 199/200 categorization, and CMS security policies.
  • Drive vulnerability management (scan triage, remediation SLAs, patch governance) and configuration baselines (e.g., DISA STIGs, CIS Benchmarks, SCAP).
  • Compliance, Risk Management Framework (RMF) and Audit Readiness
  • Lead end-to-end Risk Management Framework (RMF) activities (NIST SP 800-37), including security categorizations, control tailoring, System Security Plan (SSP), security assessment, POA&Ms, and continuous monitoring to sustain ATO.
  • Ensure compliance with HIPAA Security Rule (45 CFR §164) for PHI, CMS Acceptable Risk Safeguards (ARS), OMB Circular A-130, and HHS policies.
  • Coordinate internal/external audits (IG, CMS, third-party assessors), evidence collection, and control testing; maintain impeccable documentation.
  • Lead incident response lifecycle for PHI/PII incident reporting: triage, containment, eradication, recovery, forensics coordination, root cause analysis, and required notifications/reporting.
  • Manage access control, identity, MFA, privileged access, security vulnerabilities and continuous monitoring dashboards; ensure reliable backup/restore and disaster recovery exercises.
  • Enforce data classification, encryption (in transit/at rest), key management, and tokenization aligned with CMS/HHS requirements.
  • Contribute to risk registers and monthly status reporting for program security status to present succinct updates to CMS stakeholders.
  • Translate complex security concepts into clear, actionable guidance for technical and nontechnical audiences.
  • Collaborate closely with Program Management, Engineering, QA, Operations, and CMS counterparts.
  • Contribute to security requirements for contract renewals and new contract bids.


Qualifications

Basic Requirements:

  • Minimum of 8 years with BS/BA in Computer Science, Information Security, or related field; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
  • Experience in cybersecurity across engineering, compliance, and operations.
  • 3+ years in security leadership/management on federal programs.
  • Proven experience with NIST SP 800-53, RMF (NIST SP 800-37), FIPS 199/200, HIPAA Security Rule, OMB A-130, and CMS policy frameworks (e.g., CMS ARS).
  • Hands-on with SIEM/EDR, vulnerability management, cloud security architectures (AWS GovCloud/Azure Government), network segmentation, zero trust principles, and DevSecOps tooling.
  • Strong documentation skills (SSP, IS RA, SAR, POA&M, Contingency Plans, runbooks, playbooks) and audit engagement.
  • US Citizenship is required.
  • Must have the ability to obtain and maintain a Public Trust clearance.

Preferred Qualifications

  • Certifications: CISSP, CISM, CAP, CCSP, CASP+, Security+, or equivalent.
  • Cloud security certs (e.g., AWS Security Specialty, Azure Security Engineer Associate).
  • Experience with TIC 3.0, NIST SP 800-63 (digital identity), NIST SP 800-30 (risk assessment), configuration baselines (DISA STIGs/CIS), and FedRAMP-aligned controls.
  • Background in large-scale healthcare/Medicare environments and PHI/PII safeguarding.
  • Familiarity with continuous ATO, automated compliance (policy-as-code), and modern IaC pipelines.
  • Must be US Citizen or Lawful Permanent Resident
  • Must be able to obtain a Public Trust clearance
  • Problem-solving mindset with the ability to take initiative and work independently.
  • Comfortable in a fast-paced, iterative development environment.
  • Experience working with the federal government, particularly with the Center for Medicare and Medicaid Services (CMS).


Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.



Target Salary Range

$104,000 - $166,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.


EEO

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.