Information Security Analyst with strong technical, analytical, interpersonal, and organizational skills to provide security support and expertise for a government client.
Three (3) or more years in conducting and/or supporting detailed IT security assessments within a standard security framework (e.g., NIST, ISO, COBIT), including producing structured compliance management documents and report deliverables
Five (5) or more years of performing technical tasks associated with security engagements: performing and documenting compliance analysis, determining remediation, and guiding remedial activities
Three (3) or more years in performing IT operations and/or administration.
Attributes and Tasking:
Translate DoD, federal, state, and organizational compliance requirements into documented processes, procedures, guidelines, and standards.
Maintain and update documentation, processes, procedures, guidelines and standards based on FISMA standards.
Perform vulnerability management activities: identify vulnerabilities, investigate/recommend options to mitigate, coordinate/perform remediation, and validate compliance.
Implement and maintain a Continuous Monitoring program.
Conduct analysis of system designs, processes, and procedures to document the applicable security controls in accordance with National Institute of Standards and Technology (NIST) 800-53 and FedRAMP guidelines and requirements.
Respond to third party test and evaluation findings to obtain system Authorization to Operate (ATO).
Demonstrable ability to interface with C- and Director-level clients with respect to comprehensive security posture assessment with a basis in compliance standards such as NIST, HIPAA, PCI, etc.
Provide project management, communications, task assignment/tracking, reporting and other activities as required to support responsibilities.
Evaluate security products and provide senior management with technical and financial decision support for the selection and integration of all security-related technologies.
Maintain ongoing industry knowledge in the following security-related areas: (a) pertinent government legislation, regulation, policies, and practices related to information systems security; (b) methodologies and best practices that are commonly used in the information systems security industry; (c) existing and emerging COTS software packages, network and telecommunications equipment that support security controls; (d) ongoing sensitivity to and analysis of threats and vulnerabilities including their potential impact on information security.
Exhibit strong writing and editing skills, as well as the ability to work closely with all business areas to develop new and existing documentation.
Review, update, and format organizational policies in accordance with applicable compliance requirements.
Aggregate, parse, rearrange, and revise current documentation according to security requirements, new standards, and formats.
Review vendor documentation for relevant content to aid in development of processes, procedures, standards, and guidelines.
Create new documentation for processes, procedures, training materials, user guides, web-based content, release notes, internal and external presentations, etc.
Support the conduct of proof-of-concept efforts for evaluation of security-related products.
Required Skills and Knowledge:
Certified Information Systems Security Professional (CISSP) or equivalent certification
Experience implementing the National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series and the Risk Management Framework (RMF)
Minimum of a BS Degree from an accredited college or university in Computer Science, Information Security, Engineering, or related field
Demonstrated current broad-based understanding of system architecture, computer technology, design, standards, and products based on both solid formal training and experience
Knowledge of and experience managing information security assessments including: penetration tests, physical/social engineering testing, internal network testing, policy/procedure reviews, application testing
Demonstrated skills with relationship building, oral and written communication and people management
Requires U.S. Citizenship
Desired Skills and Knowledge:
Experience in an information technology services company with a high degree of involvement in cloud computing environments
Experience with scripting languages including VBScript, PowerShell, Python, traditional DOS batch files, and UNIX shell scripting.
Experience with using security scanning tools such as Nessus and MBSA
Experience with tools such as Splunk, Tableau, and AppDetective
Understanding of system design and virtualization techniques