The Security Analyst will oversee, evaluate, and support the documentation, validation, and accreditation processes necessary to assure that IT systems meet the organization’s security requirements:
• Respond to crisis or urgent situations within the system to mitigate immediate and potential threats.
• Use mitigation, preparedness, and response and recovery approaches, as needed, to maximize information security.
• Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
• Provide security advice and recommendations to leadership and staff based on NIST and FIPS guidelines.
• Analyze system security assessment reports.
• Develop estimates of the security risks associated with deployment of new technologies.
• Use defensive measures and information collected from a variety of sources to identify, analyze, and report events
Qualifications
• A bachelor's degree in information technology systems, computer science, or a related field and experience in information technology systems or a related area
• At least 3 years of information security experience, including documenting system security controls in place to support the Assessment and Authorization processes.
• CompTIA Security + certification
• Experience using Nessus, AIDE, Windows, Linux/RHEL
• Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
Requirements
• 1-2 years of professional experience supporting information security/assurance programs, policies, processes, and operational procedures per various standard security frameworks/laws/standards/directives, e.g.: FISMA; OMB directives; Presidential Directives; NIST (SP-800 series; FIPS); HIPAA of 1996; Privacy Act
• Comprehensive knowledge of the FISMA, HIPAA laws and Privacy Act of 1974
• Experience writing System Security Plans using-depth knowledge of the NIST 800-53 security control requirements and standard methods for implementing security controls.
• Understanding of risk assessment and risk management concepts, including POA&M support
• Practical knowledge of IT System contingency planning and incident response
• Good understanding of continuous monitoring and continuous authorization concepts
• Good understanding of protection of PII and PIA concepts
• Expert use of MS Office, especially Word, PowerPoint and Outlook
• Good ability to articulate technical concepts, especially in the audit review process
• Must be a US Citizen
EOE M/F/D/V
|
