Lantana Consulting Group provides services and software for standards-based health-information exchange. We have established ourselves as a trusted leader in the industry with two decades of expertise in developing and deploying technical specifications and interoperability solutions. As a rapidly growing distributed, employee-owned company, we hire exceptional talent nationwide and offer flexible remote work arrangements. We take pride in our mission to improve public health and quality of care and to advance research.

Primary purpose: 

Responsible for developing, implementing, and managing the company’s IT security program. Takes ownership of security operations to protect systems, data, and networks from emerging threats while complying with all security and privacy requirements. 

A successful candidate will do the following:

• Perform internal audits, conduct vulnerability and penetration testing, and ensure that security controls are fully implemented and continuously monitored 
• Lead the definition, implementation, and ongoing governance of security architecture for internal IT and designated projects, programs, and products 
• Leverage the Unified Architecture Framework (UAF) to embed security considerations across the enterprise by identifying security assets, evaluating risks, and applying appropriate security controls throughout system lifecycles 
• Assess the organization’s current security posture, design and refine architecture-level mitigations, and establish sustainable processes for monitoring, incident response, and audit readiness 
• Act as both a strategist and a hands-on technologist; manage security tools, conduct internal assessments, and collaborate with system and network teams to integrate security as a cross-cutting concern across all operational and technical domains
• Provide the leadership, expertise, and accountability necessary to ensure resilient, compliant, and well-architected security across enterprise systems
• Collaborate with the IT infrastructure and DevOps teams to maintain secure configurations and compliance with security and privacy requirements 
• Communicate clearly with leadership, report on risk and readiness, and develop practical security roadmaps that keep pace with evolving threats 
• Apply NIST 800-53, FedRAMP Moderate, and CMMC 2.0 control requirements to Cloud and on-premises environments through documented policies, procedures, and technical safeguards
• Maintain HIPAA-compliant configurations for systems handling ePHI, including access controls, encryption, and audit logging within Microsoft 365 and other regulated platforms
• Support security assessments, evidence collection, and control audits across multiple frameworks to contribute to compliance reporting, continuous monitoring, and certification-readiness efforts
• Implement, configure, and maintain controls for intrusion detection and prevention within the Microsoft 365 security ecosystem, including Defender ATP, Sentinel, and integration with network IDS/IPS tools where applicable
• Assess complex security challenges, evaluate alternatives, and develop effective, compliant solutions across diverse technical environments
• Support zero-trust architecture initiatives through authentication hardening, network segmentation, and endpoint control
• Collaborate with DevOps and application teams to integrate security automation and continuous monitoring into CI/CD pipelines
• Conduct periodic reviews of encryption and key management practices to adhere to policy and evolving best practices

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field with at least nine (9) years of progressive work experience; or equivalent combination of education and experience
• Minimum of three (3) years of experience in IT security administration or engineering
• Strong understanding of NIST 800-53R5/171R3, FedRAMP Moderate, HIPAA, and overarching governance frameworks such as the NIST Cybersecurity Framework (CSF) and CMMC 2.0; and how these models align and reinforce one another across enterprise security programs
• Proven ability to translate policies and standards into actionable technical tasks and measurable outcomes
• Demonstrated ability to own and mature an organization’s IT security capability
• Experience with Microsoft Defender ATP, Intune, and Purview, including alert management and tuning
• Solid understanding of Cloud and endpoint security tools such as Grafana and/or Splunk
• Experience conducting internal security audits and preparing for external compliance reviews
• Strong understanding of network security principles, including firewalls, VPNs, and access control
• Exceptional communication skills, including the ability to clearly articulate security risks, requirements, and architectural decisions; and document processes, shepherd approvals, and escalate issues or risks in a timely and effective manner
• Strong analytical and problem-solving abilities
• Familiarity with automation scripting in PowerShell or Python for audit and monitoring tasks
• Must be able to obtain and maintain a Public Trust Level 5 clearance

Preferred qualifications:

• Demonstrated progression from technical roles (System or Network Administrator) to security-focused responsibilities
• Experience supporting security operations in federal or healthcare IT environments
• Certifications such as CompTIA Security+, CISSP, or Certified Ethical Hacker (CEH)
• Experience with Azure tools for security configuration and Cloud compliance
• Proven success leading incident response efforts or managing security incidents
• Familiarity with OWASP (Open Worldwide Application Security Project) testing methodologies or tools (e.g., ZAP, Burp Suite)
• Experience developing and maintaining system security plans (SSPs) and Plan of Action and Milestones (POA&Ms)
• Strong understanding of security protocols and underlying encryption algorithms such as TLS/SSL, SSH, IPSec, S/MIME, and HTTPS

Additional information:

• We are a remote organization, but we prioritize in-person collaboration during key events such as our annual company meeting. 
• We are an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws.
• For this position, the candidate must reside in the United States.