Sr Information Security Analyst

Teracore is a Service Disabled Veteran Owned Small Business (SDVOSB) classified management consulting and information technology services firm. We are committed to creating and maintaining a corporate environment and culture that promotes long-term employment. Diverse talents help us to achieve the missions and objectives of our customers. We hope we can partner together to achieve those goals.

The Cyber Security Assessment Assessor will perform security assessments to ensure compliance with NIST 800-53A and agency-specific requirements. The position will require the ability to technically assess web applications, thick clients, and general support system security configurations and their implementation.

The Assessor will be working with a wide variety of technologies, be well versed in the current state of information security and be able to interpret the requirements of relevant governing bodies (NIST, OMB, GAO, etc.). The ideal candidate will understand the Risk Management processes for a federal client including Certification and Accreditation (C&A), FISMA self-assessments, vulnerability scans, and penetration testing.

Required Skills:

• BS preferred with education/certifications pertaining to security assessments:
  1. Expert knowledge of NIST 800-53A
  2. Knowledge of FISMA, NIST Special Publications, OMB, Risk Management Framework (RMF), FedRAMP and Information Security Continuous Monitoring (ISCM) Plan development
  3. IT security knowledge with desired Professional Certifications from (ISC)2, ISA, PMI, CompTIA, SANS
  4. Knowledge and experience with technology risk assessments covering web services, network appliances, and software
  5. Knowledge and experience with System Development Lifecycle (SDLC)
• Min 8 years cybersecurity/information security assessment experience, experience in supporting various assessments and tasks perform NIST, FISMA, OMB, Treasury, and IRM compliant Security Controls Assessments and Risk Analyses which would result in all vulnerabilities being identified
• Knowledge of the following Security engineering principles, to include:
  1. Developing layered protections
  2. Establishing sound security policy, architecture, and controls as the foundation for design
  3. Incorporating security requirements into the system development life cycle
  4. Delineating physical and logical security boundaries
  5. Ensuring that system developers are trained on how to build secure software
  6. Tailoring security controls to meet organizational and operational needs
  7. Performing threat modeling to identify use cases, threat agents, attack vectors, and attack patterns as well as compensating controls and design patterns needed to mitigate risk
• Reducing risk to acceptable levels, thus enabling informed risk management decisions 
• US Citizenship Required/Background Investigation required
• Under Executive Order 14042, proof of vaccination status maybe required for employment at Teracore effective December 8, 2021, if a medical or religious exemption is not granted.

Desired Skills:

• Prior IRS experience

This is a 5 year, fully remote contract.  If you’re interested in partnering with Teracore, let’s chat. We look forward to discussing the details with you. 

At Teracore, we support, depend and thrive on differences for the benefit of our associates and customers. Teracore is an equal opportunity employer. Employment decisions are based solely on a person's merit and professional qualifications directly related to job competence.