Security Analyst

Employer
Provato Inc.
Location
Washington, DC
Posted
Apr 20, 2017
Closes
Apr 21, 2017
Industry
Security
Hours
Full Time
Position Title: Security Analyst
Start Date: ASAP
Clearance Requirements: US citizen with a valid federal clearance at the secret level or above, completed a federal background investigation based on the SF 86 National Security Questionnaire within the last five (5) years. Must have completed federal background investigation resulting in a NACI with PIV badge from a federal department or agency within the last three years.
Location: 1750 Pennsylvania Avenue NW, Washington DC, 20006
Travel: Minimal
Period of Performance: Through September 30, 2017, with an additional six-month optional clause

Job Description:

Provide technical security consulting and support services to assist the Government in carrying out its IT (Cyber) security oversight responsibilities for planning and managing the implementation, operation, maintenance and upgrade of systems that comprise a shared service IT portfolio.

Provide secure architecture design/review, information assurance including security project management, operational security assessments and other related initiatives.

- Perform Information System Security Officer (ISSO) support services for multiple systems in accordance with Federal regulations & standards (FISMA, NIST, etc.) and agency & departmental policy and guidance
- Assist System Owners with annual assessments and three-year ATO assessments
- Liaise with OCIO Cybersecurity and the Government CISO
- Respond to internal Government audit inquiries with quick turnaround time
- Respond to customer requests to review Security Authorization packages
- Report security incidents to Government incident response POC
- Provide oversight of FedRAMP systems, both Government and vendor operated
- Advise System Owners and Program Managers on FedRAMP and FISMA requirements and processes
- Prepare reports and presentations required for communicating findings and recommended solutions to the Government

Required Skills:

- Possess a detailed knowledge of security analysis methodologies of threats and vulnerabilities
- Ability to identify organizational security weaknesses in logical security controls; physical security controls; personnel controls; operational security; training, incident and emergency response; and with the integrity of software applications and data
- Ability to develop and document customer-focused security requirements and policies, based on FIPS 199 Security Categorization and Government policies
- Experience developing, assessing, reviewing, and updating Security Assessment & Authorization (SA&A) documentation to satisfy NIST Risk Management Framework and FISMA requirements for non-DOD federal agencies, to include:
  - Developing and maintaining System Security Plans
  - Performing Security Impact Assessments on system change requests
  - Managing FISMA artifacts in a system of record (e.g., Xacta, TAF)
  - Assisting system owners in documenting and remediating POA&Ms for their systems
- Ability to understand vulnerability assessment results and analysis on networks, servers, websites, databases, applications, and assist with other assessment activities
- Possess an expert level knowledge of federal regulations governing information security (FISMA, NIST FIPS, etc.)
- Experience in SaaS and PaaS environments (e.g., AWS, Azure, private cloud, etc.)
- Specialized experience shall also include knowledge and expertise in such areas as the following:
  - Analysis of Information Systems architectures
  - Reviews of system data to identify security events and trends
  - Identification of system monitoring reports tailored to the system's needs and identified baseline
  - Security project management
  - Secure systems engineering
  - Agile development processes
  - Secure integrated network management
  - Federal risk analysis based on NIST 800-30, Rev 1, Guide for Conducting Risk Assessments
  - Security business process analysis, development, execution and reporting procedures based on NIST 800-65, Integrating Security into the Capital Planning and Investment Control Process
- Proficient with Microsoft Office suite of products including Outlook, Explorer, Word, Excel, PowerPoint, Project Server, JIRA ticketing system, SharePoint 2013, and Visio, plus any IT security specific software required
- Excellent presentation, written, and verbal communication skills
- High energy, strong work ethic, and able to perform within condensed timeframes
- Professional demeanor and attitude

Education/Certification Requirements:

- BA/BS degree in a related discipline
- Six (6) years direct work experience
- Applicable industry recognized certifications such as CISSP, GCIA, CISM, CISA, etc.
- Nine (9) years direct experience along with industry-recognized certifications may be substituted for educational requirements
- Advanced degrees related to computer science may also be substituted for some educational and tenure requirements