Software Engineer III - HHS STIM

cFocus Software Incorporated

  • Washington DC
  • Permanent
  • Full-time
  • 1 day ago
Job Description: Software Engineer III
Key Responsibilities
  • Design, implement, and maintain complex GRC platform and application use cases, including POA&M management, Security Incident handling, System Inventory tracking, and ATO workflow automation, ensuring alignment with HHS security processes.
  • Build and maintain advanced GRC platform features such as Data Driven Events (DDEs), calculated fields, cross-reference relationships, and subform rollups.
  • Develop secure REST and SOAP APIs for the GRC platform to integrate with CDM, HSDW, and other enterprise data reporting platforms, ensuring compliance with OMB, NIST 800-53 Rev. 5, and Zero Trust principles.
  • Create custom reports, iViews, dashboards, and access control logic for user groups across multiple OpDivs.
  • Provide hands-on support for the full Dev > UAT > Prod pipeline across HCAP-managed environments.
  • Perform troubleshooting and root cause analysis in collaboration with Lab Administrators, DBAs, and QA teams.
  • Participate in weekly release meetings, providing technical demonstrations and leading remediation efforts.
  • Maintain and version-control configuration documentation, including guides, workflow maps, and change logs.
  • Mentor mid-level developers on platform architecture, API strategies, and optimization techniques.
  • Collaborate with cross-functional teams including Business Analysts, QA Testers, Lab Admins, and CISO staff to align functionality with security and operational objectives.
Required Qualifications
  • At least 10 years of hands-on software engineering experience, with 5 years of direct experience configuring and customizing RSA Archer within a federal enterprise environment.
  • Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field.
  • Strong understanding of compliance frameworks including NIST 800-53 Rev. 5, FISMA, and DISA STIGs.
  • Experience developing APIs and integrating enterprise applications.
  • Excellent problem-solving skills with the ability to communicate effectively with both technical and non-technical stakeholders.
  • Experience documenting system designs, configuration changes, and implementation history to meet audit standards.
Preferred Qualifications
  • RSA Archer Certified Administrator or equivalent certification.
  • Certified Information Systems Security Professional (CISSP) or similar credential.
  • Experience contributing to OSCAL integration for automated control implementation and system documentation.
  • Experience in federal cybersecurity environments with an emphasis on GRC applications.