Full-Time, Direct Hire Position with Full Benefits and Matching 401(k) Plan
Work Location: Columbia, MD
The Security Analyst is responsible for developing FISMA security packages for Federal government and commercial clients. This position is equivalent to an Information System Security Officer (ISSO) role and is responsible for performing Security Assessment and Authorization (SA&A) activities for client systems in accordance with NIST 800-series guidance. This role performs tasks related to the planning and preparation of security documentation related to the SA&A process. The individual has a strong understanding of the NIST RMF in addition to NIST SP 800-53 security controls and NIST 800-53A testing guidance.
The Security Analyst works closely with system stakeholders to document system information, consult on system/authorization boundary topics, and ensure that applicable security controls are identified and documented appropriately. In addition, the Security Analyst provides support during the assessments of systems to which he/she is assigned by assisting with the tracking and gathering of evidentiary artifacts in addition to the testing of information systems. After authorization of the system, the Security Analyst supports continuous monitoring by assisting with the scheduling of monitoring activities, maintaining system and security documentation, performing annual assessments, and tracking Plan of Action and Milestones (POA&M) entries.
- Coordinate with the customer regarding status of consulting and assessment projects.
- Support the performance of assessments via participation in interviews in addition to the identification and gathering of evidentiary artifacts.
- Facilitate and support the initial and ongoing authorization of information systems.
- Effectively communicate technical information to non-technical personnel.
- Evaluate and manage the remediation of system vulnerabilities.
- Develop briefings and presentations.
- Perform account compliance reviews to support client access control processes.
- Provide security recommendations to the PM – Senior Security Analysts.
- Develop deliverables associated with a FISMA security package including, but not limited to: System Security Plan, Information System Contingency Plan, Incident Response Plan, Continuous Monitoring Plan.
- Perform project tasks involving the integration of tools or methodologies to resolve organizational and system security problems.
- Provide IT security guidance to Information System Owners.
- Gather and organize technical information about information systems.
- Perform boundary scoping exercises and architecture reviews.
- Support the performance of security assessments.
- Gather and organize artifacts in preparation for security assessments.
- Maintain information system component inventories.
- Track and update POA&M entries.
- Bachelor’s degree in Cyber Security, Computer Science, or related discipline.
- 3+ years of relevant industry experience in performing tasks associated with the Risk Management Framework (with at least 3 being in IT security audit, assessment, compliance, or risk management).
- At least 3 years of experience with FISMA consulting and assessment projects.
- Experience with Splunk is highly preferable.
- Thorough understanding of FISMA requirements and NIST guidance.
- Must be able to work both independently and in a team environment.
- Must have strong written, verbal, and presentation communication skills.
- At least ONE IT security-related industry certification, such as CAP, CCSK, CISA, CISM, CISSP, CCSP, CRISC, CCISO, or an Amazon Web Services (AWS)/Google Cloud Platform (GCP)/Microsoft Azure specific certification.
- Experience using security tools, such as Nessus, WebInspect, AppDetective, and others.
To apply for this job email your details to email@example.com