Take the First Step

Towards and Exciting Consulting Career.

Careers at First

At First, our reputation and success rests with the advisors who are in front of our clients every day. Our employees personal and financial prosperity is paramount. That is why we extend our employees and associates one of the healthcare IT industry’s most customizable compensation and benefits packages. First is committed to maintaining high levels of employee satisfaction and camaraderie in an role that is challenging and travel intensive. Our programs are designed to fit your individual situation; allowing First to attract top industry talent. We look forward to speaking to you and making our team your First!

HIT Cybersecurity Consultant Job Descriptions

Position: Health Cybersecurity Analyst

The Health Cybersecurity Analyst conducts threat and vulnerability assessments and determines deviations from acceptable configurations or policies. The successful candidate will assess the level of risk and develop and/or recommend appropriate mitigation countermeasures in operational and non-operational situations. The position may also help test, implement, deploy, and administer the infrastructure hardware, software, and documentation that are required to effectively manage network defense resources.

Additional Responsibilities:

  • Analyze organization’s Enterprise Network Defense (END) policies and configurations and evaluate compliance with regulations and organizational directives.
  • Conduct and/or support authorized penetration testing on enterprise network assets.
  • Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support Enterprise Network Defense (END) audit missions.
  • Maintain knowledge of applicable Enterprise Network Defense (END) policies, regulations, and compliance documents specifically related to cyber defense auditing.
  • Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
  • Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, and supporting infrastructure).
  • Assist with the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).

Requirements:
Education: Requires Bachelor degree in Computer Science, Information Systems, Health Information Management, or related field. Licensures: N/A Certifications: Preferred certification as GCIH, CEH.

Experience:
Five (5) plus years experience in an IT and/or healthcare related field.

Skills:
Knowledge of network protocols (e.g., Transmission Critical Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]). Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). Knowledge of PCI DSS v3.1, PII, HIPAA

Position: Health Cybersecurity Engineer

The Health Cybersecurity Engineer tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware, software, and documentation that are required to effectively manage network defense resources. The successful candidate will also monitor the network to actively remediate unauthorized activities.

Additional Responsibilities:

  • Implement Risk Management Framework (RMF)/Security Assessment and Authorization (SA&A) requirements for specialized Enterprise Network Defense (END) systems within the enterprise, and document and maintain records for them.
  • Identify potential conflicts with implementation of any cyber defense tools within the Enterprise (e.g., tool and signature testing and optimization).
  • Administer test bed(s), and test and evaluate new cyber defense applications, rules/signatures, access controls, and configurations of platforms managed by service provider(s).
  • Create, edit, and manage changes to network access control lists on systems (e.g., firewalls and intrusion prevention systems).
  • Coordinate identifying, prioritizing, and coordinating the protection of critical enterprise infrastructure and key resources.
  • Perform system administration on specialized Enterprise Network Defense (END) applications and systems (e.g., anti-virus, audit and remediation) or Virtual Private Network (VPN) devices, to include installation, configuration, maintenance, backup and restoration.

Requirements:
Education: Requires Bachelor degree in Computer Science, Information Systems, Health Information Management, or related field. Licensures: N/A Certifications: Preferred certification as GCIH/GCIA, CISSP, CASP.

Experience:
Five (5) plus years experience in an IT and/or healthcare related field.

Skills:
Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth). Kknowledge/understanding of networking requirements in a Windows/Linux environment. Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification [RFID], Infrared Networking [IR], Wireless Fidelity [Wi-Fi]. paging, cellular, satellite dishes), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly. Knowledge of PCI DSS v3.1, PII, HIPAA.

Position: Health Cybersecurity Architect

The Health Cybersecurity Architect is an operational/technical position, designing and developing system concepts and working on the capabilities phases of the systems development lifecycle. The successful candidate will translate technology and environmental conditions (e.g., laws, regulations, best practices) into system and security designs and processes. This role is the main subject matter expert on information security, with the responsibility to analyze existing and new technologies for their security impact. This role also has to speak for compliance with the HIPAA Security Rule and PCI.

Additional Responsibilities:

  • Analyze user needs and requirements to plan system architecture.
  • Collaborate with system developers to select appropriate design solutions or ensure the compatibility of system components.
  • Define and prioritize essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event.
  • Define appropriate levels of system availability based on critical system functions and ensure system requirements identify appropriate disaster recovery and continuity of operations requirements, to include any appropriate fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recovery/restoration.
  • Design system architecture or system components required to meet user needs.
  • Develop information assurance (IA) designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data (primarily applicable to government organizations.
  • Document and address organization’s information security, information assurance (IA) architecture, and systems security engineering requirements throughout the acquisition lifecycle.
  • Ensure all definition and architecture activities (e.g., system lifecycle support plans, concept of operations, operational procedures and maintenance training materials) are properly documented and updated as necessary.
  • Provide input to the Risk Management Framework (RMF) process activities and related documentation (e.g., system lifecycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • Provide advice on project costs, design concepts, or design changes.

Requirements:
Education: Requires Bachelor degree in Computer Science, Information Systems, Health Information Management, or related field. Licensures: N/A Certifications: Preferred certification as CISSP, GSEC, or GCED.

Experience:
Five (5) plus years experience in an IT and/or healthcare related field.

Skills:
Knowledge/understanding of networking requirements in a Windows/Linux environment, Data Loss Prevention systems, and system vulnerability assessment systems. Knowledge of PCI DSS v3.1, PII, HIPAA. Knowledge of the methods, standards, and approaches for describing, analyzing, and documenting an organization’s enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DODAF], Federal Enterprise Architecture Framework [FEAF]).

Position: Health Cybersecurity Director

The Health Cybersecurity Director is a leadership position that oversees and ensures that the appropriate operational security posture (e.g., network and system security, physical and environmental protection, personnel security, incident handling, security training and awareness) is implemented and maintained for an information system or program. The successful candidate advises the Authorizing Official (AO), an information system owner, or the Chief Information Security Officer (CISO) on the security of an information system or program. This role also has responsibility for compliance with the HIPAA Security Rule and PCI.

Additional Responsibilities:

  • Advise appropriate senior leadership or authorizing official of charges affecting the organization’s information assurance (IA) posture.
  • Collect and maintain data needed to meet system information assurance (IA) reporting.
  • Ensure that information assurance (IA) inspections, tests, and reviews are coordinated for the network environment.
  • Ensure that information assurance (IA) requirements are integrated into the continuity planning for that system and/or organization(s).
  • Ensure that protection and detection capabilities are acquired or developed using the Information system security engineering approach and are consistent with organization-level information assurance (IA) architecture.
  • Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
  • Evaluate cost-benefit, economic, and risk analysis in decision-making process.
  • Participate in information security risk assessment during the Security Assessment and Authorization (SA&A) process.
  • Participate in the development or modification of the computer environment information assurance (IA) security program plans and requirements.
  • Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
  • Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
  • Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures consistent with the organization’s mission and goals.
  • Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate.

Requirements:
Education: Requires Bachelor degree in Computer Science, Information Systems, Health Information Management, or related field. Licensures: N/A Certifications: Preferred certification as GSLC, CISM, GCCC.

Experience:
Eight (8) plus years experience in an IT and/or healthcare related field.

Skills:
Knowledge of Information assurance (IA) principles used to manage risks related to the use, processing, storage, and transmission of information or data. Knowledge of current healthcare industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures, utilizing standards-based concepts, and capabilities. Knowledge of PCI DSS v3.1, PII, HIPAA

First Consultants

“Coming from a long healthcare management career primarily working in small to mid sized facilities, I find myself rejuvenated working for and with the First team.

First is truly living up to its name: when the CEO of the company flies in to meet you personally on snowy day in New England, and you are greeted with a warm and welcoming handshake in Phoenix by your colleagues, you know you have made the right decision. The flexibility, dedication to excellence, amazing team approach says it all.

The sincerely caring nature that is shown to First’s employees both personally and professionally is worth a million to me. My knowledge of the healthcare revenue cycle is definitely a benefit and I foresee that my knowledge base of Information technology and project management will be brought to an entirely new level.”

– Advisor, Phoenix, AZ

“I’m loving my engagement and I’m learning so much more than I expected. I Love this company!

My First experience is wonderful! I absolutely love Evonne, she has been so helpful in making this transition. I cannot think of any one little thing to complain about..”

– Advisor, Mississippi

“First recognizes that investing and re-investing in its people is a fundamental cornerstone of building a successful and sustainable organization.

The culture at First is truly reflective of the dignity and respect for our clients and our colleagues that is displayed by the First leadership.”

– Senior Advisor, Greater Seattle Area

Supporting Our People

First knows that prosperous employees create successful client experiences and we believe that technology can only be made meaningful through people. Our people have a superb support structure at First, creating enriched skill sets, engagements and careers. Our company is equally focused on ensuring that our employees maintain a balance with their career and family or personal lives. Our compensation, vacation policy, non-billable and bench time plans, and overall culture encourages pursuits outside of the consulting world.

Our compensation package is HIGHLY competitive and there is no relocation necessary. In addition, First has a long history of working with experienced independent consultants and paying above market rates.

First is committed to our employees while on billable engagements or not and we are constantly investing in our employees by finding new ways to function and collaborate as a one team even though we serve many clients in multiple locations.

Flexible Career Options

Salaried Employee
Join First as a full time employee and enjoy the benefits that separate our top talent from the rest of the consulting world. We offer two options to our personnel, hourly or salaried. Our compensation program is highly competitive and you will find our benefits package comprehensive.

Fixed Term Employee
First’s fixed term personnel enjoy the flexibility of a contracted relationship while holding employment status with First. This employment option allows you to choose the projects you wish to work, how long you wish to be engaged, manage travel expectations, all while remaining an employee of First. In addition, you will experience the support of the First sales, marketing, and management team.

Independent
First has many partners in our success and independent contractors are a vital component to offering our clients the most talented resources at the optimum times. The First culture and personality are important to maintain and we look for independent contractors who share the same values as our employees.

Read more about First career options.

Employee Benefits

  • Health insurance
  • Dental insurance
  • Vision insurance
  • Life insurance
  • Health saving account
  • 401K
  • Long/short term disability
  • Paid time off
  • Laptop provided
  • Emerson Rewards and Recognition Program
  • Paid Education and Training