Offer summary

Qualifications:

Bachelor's degree in Information Technology, Engineering, or related field., At least 8 years of experience in a security role within IT., Minimum of 5 years in information security, including assessments and vulnerability testing., Certifications such as CISSP, CISM, CEH, or equivalent are preferred..

Key responsibilities:

Assess contractor systems for compliance with security standards and regulations.

Review vulnerability assessments and recommend security improvements.

Evaluate security policies, procedures, and incident responses.

Monitor security logs and reports to identify and resolve issues.

Job description

QA Security Analyst
Location: Remote
Salary: $100–140k

Sabot Consulting is seeking a highly skilled and experienced QA Security Analyst to evaluate and enhance the security posture of contractor systems supporting Medicaid Enterprise Systems (MES). This role is responsible for assessing compliance with security standards, reviewing vulnerability assessments, and recommending improvements to ensure data protection and regulatory compliance. The ideal candidate will bring deep expertise in information security, risk assessment, and audit readiness, particularly in healthcare or government environments.

Responsibilities:

Identify, evaluate, and report on contractor systems’ compliance with security, regulatory, legislative, and contractual requirements.
Assess contractors’ ability to implement and monitor security policies, standards, procedures, and controls.
Evaluate and recommend improvements to information security, compliance, and privacy policies.
Review vulnerability testing results to prevent data breaches and ensure HIPAA and other regulatory compliance.
Assess contractor responses to security breaches and evaluate resolution effectiveness.
Review logs and reports from security tools, servers, workstations, and network devices to identify and resolve security issues.
Recommend additional or enhanced security solutions to improve enterprise security.
Evaluate compliance with IT security audit procedures, including NYS ITS standards, ISO 27001, NIST 800-23, HIPAA, Pub 1075, HITECH, and MARS-E.
Review and assess contractor vulnerability assessments, penetration tests, and security audits.

Must Have:

8+ years in a security role within the IT industry.
5+ years in information security, including system/application security assessments and use of penetration testing, vulnerability scanning, and risk assessments.
2+ years working with cloud-based systems and understanding their security implications.
2+ years working with security frameworks and standards such as ISO 27001, SOC2, and NIST Cybersecurity Framework.
Bachelors degree in Information Technology, Engineering, or a related field.
At least one of the following certifications: CompTIA Security+, GIAC Information Security Fundamentals, Microsoft Certified Systems Administrator: Security, Associate of (ISC)², Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Offensive Security Certified Professional (OSCP),Certified Ethical Hacker (CEH)

Nice To Have:

2 years of experience with CMS Acceptable Risk Safeguards (ARS) and NIST SP 800-53 at the Moderate level.
2 years of experience as a Security Analyst for a large healthcare system.

About Us: Sabot Consulting is a management consulting company focused on providing technical and management consulting to IT executives and managers in strategic, operational, and project-based practice areas. Our focus on providing expert staff that have the knowledge, experience, and professionalism to engage the client at all levels is the key to our success.

Required profile