Senior Information Security Analyst (Remote)

Rockville, MD
Jan 26, 2023
Feb 01, 2023
Research, Security
Full Time
Westat is an employee-owned corporation providing research services to agencies of the U.S. Government, as well as businesses, foundations, and state and local governments. Westat's research, technical, and administrative staff of more than 2,000 is located at our headquarters in Rockville, Maryland, near Washington, DC.

Westat is committed to building a diverse workforce and a culture of inclusivity, belonging and equity for all. We believe that our greatest strength draws on the different backgrounds, cultures, perspectives and experiences of our employees.

Job Summary:
Westat is seeking a Senior Information Security Analyst who can assist in planning and implementing security measures to protect computer systems, networks and data. The individual in this position interacts closely with product vendors and service providers, with personnel from various Westat IT departments, including the application development, operations and network, and privacy teams, and with business departments.

Job Responsibilities:
•    Plan and implement security measures to protect computer systems, networks and data.
•    Identify opportunities to improve risk posture, develop solutions for remediating or mitigating risks, and assess the residual risk.
•    Draft FISMA security authorization document packages for project information systems.
•    Identify and facilitate implementation of appropriate controls to effectively manage information risks as needed in standard platform configurations for on-premises, AWS, and Azure systems.
•    Conduct forensic analysis and investigation of incidents and/or data issues.
•    Perform threat and vulnerability assessments, in some cases followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities.
•    Create the Westat security assessment Evidence Library, collect information for it, and maintain it.
•    Analyze and review program efforts relative to analysis and design, software quality assurance (QA), and security requirements management of client initiatives.
•    Provide security-related technical support during the development of release/build scope plans, risk management, and schedules to maintain compliance with the client software development process.
•    Offer assistance during the development of user acceptance testing procedures to ensure security controls perform as intended in a production environment prior to deployment.
•    Provide consultative advice to personnel to enable them to suggest informed risk management decisions.
•    Deliver or facilitate training for secure software coding practices to software developers.
•    Maintain network security diagrams.
•    Participate in information security working groups.

Basic Qualifications:
•    A bachelor's degree, preferably in an IT-related field, is required.
•    At least 5 years of experience.

Preferred Qualifications:
•    Experience with Cyber Security Assessment and Management (CSAM).
•    Experience in implementing a risk management program by utilizing CIS Benchmarks, NIST, RMF, HIPAA, HITRUST, and FISMA compliance.
•    Experience testing system security controls and determining security compliance with requirements.
•    Familiarity with the software development lifecycle processes.
•    Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response and identity and access management.
•    Experience in developing, documenting and maintaining security procedures.
•    Experience creating and implementing standard, hardened system configurations.
•    Experience using network security monitoring tools like Splunk, FireEye, Security Center.
•    Knowledge of security and software development frameworks and standards.
•    Ability to implement and operate intrusion detection and prevention systems.
•    Experience with SIEM and search tools like Elasticsearch and LogRhythm.
•    Knowledge of cloud, containers, and DevSecOps security.

Westat offers a well-rounded and comprehensive benefits program focused on wellness and work/life balance. Eligible employees may participate in:
  • Employee Stock Ownership Plan
  • 401(k) Retirement Plan
  • Paid Parental Leave
  • Vacation Leave
  • Sick Leave
  • Holiday Leave
  • Professional Development
  • Health Advocate
  • Employee Assistance Program
  • Travel Accident Insurance
  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Short Term Disability Insurance
  • Long Term Disability Insurance
  • Life and AD&D Insurance
  • Critical Illness Insurance
  • Supplemental Life Insurance
  • Flexible Spending Account
  • Health Savings Account

Westat is an Equal Opportunity Employer and does not discriminate on the basis of race, creed, color, religion, sex, national origin, age, veteran status, disability, marital status, sexual orientation, citizenship status, genetic information, gender identity or expression, or any other protected status under applicable law.

