Senior Information Security Analyst

ROLE & RESPONSIBILITIES: 

• Create/Update all client security deliverables (SSP, CP, ISRA, CP, PTA/PIA, etc.)
• Work with team members to ensure security functions are implemented for the program(s) that are under their care.
• Act as a trusted advisor for security matters for their programs and provide training on security items when needed.
• Act as a bridge between client security teams and project teams to bridge the gap between compliance and technical security issues and both teams.
• Ensure proper testing occurs and manage the vulnerability process in the scope of the program.
• Translate technical security findings (pen tests, ACT, fortify, Tenable, etc.) to practical issues, and guide teams to appropriate preventative and corrective action.
• Review program procedures and outputs and implement corrective action when needed.
• Act as a liaison for the program to client security teams.
• Support corporate security as needed.

REQUIRED EXPERIENCE:  

• Experience in multiple aspects of FISMA, 4+ years.
• Experience in an agile CI/CD development environment with a focusing on the testing and assessment functions (technical assessment and understanding (dev/sec/ops)
• Experience in in Agile development and operations support, in respect to FISMA SP 800-53 guidelines.
• Excellent writing and communication skills
• Experience in understanding security testing reports.
• Experience in managing an audit for a program (SCA/ACT, A-123, IRS 1070, etc.)
• Experience with cloud-based systems (e.g., AWS, Salesforce)
• Experience in creating and maintaining the deliverables for the NIST RMF (800-series)
• Experience in the performing application-level testing (CP functional and tabletop testing required)
• Experience in performing risk assessments.
• Experience running meetings and holding team members to deadlines.

PREFERRED EXPERIENCE:  

• Experience with CMS security.

EDUCATION & CERTIFICATIONS: 

• 4-6 years of experience in the required skill set (note CISSP requires 5 years in the required skill sets.
• CISSP required (note that CAP does not qualify).
• Bachelor’s Degree is preferred.