Cybersecurity Specialist

The CDC Foundation helps the Centers for Disease Control and Prevention (CDC) save and improve lives by unleashing the power of collaboration between CDC, philanthropies, corporations, organizations and individuals to protect the health, safety and security of America and the world. The CDC Foundation is the go-to nonprofit authorized by Congress to mobilize philanthropic partners and private-sector resources to support CDC’s critical health protection mission. Since 1995, the CDC Foundation has raised over $1.9 billion and launched more than 1,300 programs impacting a variety of health threats from chronic disease conditions including cardiovascular disease and cancer, to infectious diseases like rotavirus and HIV, to emergency responses, including COVID-19 and Ebola. The CDC Foundation managed hundreds of programs in the United States and in more than 90 countries last year. Visit www.cdcfoundation.org for more information.  
Job HighlightsLocation: Remote, must be based in the United StatesWork Schedule: 8am – 5pm Chamorro Standard Time (ChST), with some flexibility. Occasionally, attendance at meetings outside of these hours may also be requiredSalary Range: $135,000-$166,563 per year, plus benefits. Individual salary offers will be based on experience and qualifications unique to each candidate. Position Type: Grant funded, limited-term opportunityPosition End Date: June 30, 2025
OverviewThe Cybersecurity Specialist will play a crucial role in advancing the CDC Foundation's mission by safeguarding the digital assets, data, and systems of a public health organization from cyber threats and attacks. This role is aligned to the Workforce Acceleration Initiative (WAI). WAI is a federally funded CDC Foundation program with the goal of helping the nation’s public health agencies by providing them with the technology and data experts they need to accelerate their information system improvements.
Working within the Guam Department of Public Health & Social Services within the branch of Office of Technology, the Cybersecurity Specialist will identify, assess, and mitigate security risks by implementing robust security measures and protocols. This includes conducting security audits, penetration testing, and vulnerability assessments to identify weaknesses in the organization's infrastructure and applications. The Cybersecurity Specialist will also develop and enforce security policies and procedures, educate employees on best security practices, and respond to security incidents in a timely and effective manner. In this role, you will implement best practices regarding cybersecurity threats and trends, continuously improving the organization's security posture.
Strong technical skills are required in areas such as network security, encryption, intrusion detection, and incident response, as well as knowledge of regulatory compliance requirements, are essential for this role. Additionally, excellent communication and collaboration skills are crucial for effectively liaising with partners and maintaining a proactive approach to cybersecurity.
The Cybersecurity Specialist will be hired by the CDC Foundation and placed at Guam Department of Public Health & Social Services within the branch of Office of Technology. This position is eligible for a fully remote work arrangement for U.S. based candidates. 

Responsibilities

• Perform security activities including vulnerability testing and analysis, code review, static and dynamic code.
• Perform business logic exploit testing.
• Implement automation framework within cloud computing infrastructure around security events.
• Automate infrastructure security testing and penetration testing.
• Identify, analyze and correct security related issues.
• Utilize advanced tools and techniques to detect and analyze potential cybersecurity threats and vulnerabilities across the organization's network, systems, and applications.
• Monitor security events and alerts in real-time, investigate potential security incidents, and respond promptly to mitigate threats and minimize impact.
• Conduct regular vulnerability assessments and penetration testing to identify weaknesses in the organization's infrastructure, prioritize remediation efforts, and ensure systems are adequately protected.
• Collaborate with technical teams to design and implement robust security architectures that align with business goals and industry best practices, incorporating elements such as firewalls, intrusion detection systems, and encryption.
• Develop and maintain cybersecurity policies, procedures, and standards, ensuring compliance with relevant regulations and industry frameworks. Enforce security policies through education, training, and regular audits.
• Develop and maintain incident response plans and playbooks, outlining procedures for effectively responding to security incidents, including containment, eradication, and recovery efforts.
• Provide cybersecurity awareness training to employees, contractors, and other partners to promote a culture of security and empower individuals to recognize and respond to potential threats.
• Conduct comprehensive risk assessments to identify and prioritize security risks to the organization's assets and data, collaborating with partners to develop and implement risk mitigation strategies.
• Ensure compliance with relevant regulatory requirements, industry standards, and contractual obligations related to cybersecurity, maintaining documentation and evidence of compliance efforts.
• Evaluate the security posture of third-party vendors and service providers, assessing their ability to protect sensitive data and mitigate security risks effectively.
• Prepare and present regular reports on security incidents, trends, and metrics to senior management and partners, providing insights into the organization's security posture and areas for improvement.

Qualifications

• Bachelor’s degree in computer science, information technology, cybersecurity, or a related field. Advanced degree or professional certifications (e.g., CISSP, CISM, CEH) is preferred.
• Minimum 5 years of experience in cybersecurity roles, with specific experience in risk assessment, incident response, and policy development.
• Knowledge of cybersecurity principles, technologies, and best practices, including network security, encryption, identity and access management, and security monitoring.
• Knowledge and familiarity with relevant regulatory requirements and frameworks, such as HIPAA, GDPR, NIST Cybersecurity Framework, and ISO 27001.
• Strong analytical skills and attention to detail, with the ability to assess complex security issues and develop effective solutions.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with partners at all levels of the organization.
• Ability to work independently and prioritize tasks in a fast-paced environment, while also functioning as part of a multidisciplinary team.
• Ability to convey technical concepts to non-technical partners effectively.
• Outstanding interpersonal and teamwork skills; collegial; energetic; and able to develop productive relationships with colleagues, partners, and partners.
• Flexibility to adapt to evolving project requirements and priorities.
• Demonstrated ability to work well independently and within teams.
• Experience working in a virtual environment with remote partners and teams.
• Proficiency in Microsoft Office.

Special NotesThis role is involved in a dynamic public health program. As such, roles and responsibilities are subject to change as situations evolve. Roles and responsibilities listed above may be expanded upon or updated to match priorities and needs, once written approval is received by the CDC Foundation in order to best support the public health programming.
All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, national origin, age, mental or physical disabilities, veteran status, and all other characteristics protected by law.
We comply with all applicable laws including E.O. 11246 and the Vietnam Era Readjustment Assistance Act of 1974 governing employment practices and do not discriminate on the basis of any unlawful criteria in accordance with 41 C.F.R. §§ 60-300.5(a)(12) and 60-741.5(a)(7). As a federal government contractor, we take affirmative action on behalf of protected veterans.
The CDC Foundation is a smoke-free environment.  Relocation expenses are not included.