Senior Cyber Security Analyst

Employer
Dunhill Professional Search
Location
McLean, VA
Posted
Jun 16, 2019
Closes
Jun 19, 2019
Ref
154884033
Hours
Full Time
Seeking highly motivated, mid to senior-level, experienced, organized, and detail-oriented Information Security Specialist - support includes security and accreditation services for large scale Federal .GOV citizen-centric public websites.

Job Responsibilities

* Work closely with Security Task lead and drive security-related activities related to the systems assigned.
* Create and/or maintain analysis and documentation artifacts such as Systems Security Plans (SSPs), Security Controls Assessment (SCA), Information System (IS) Risk Assessment (RA), and Contingency Plans (CPs), Security Operations Monitoring and Management Standard Operating Procedures (SOPs) etc.
* Support application and database penetration testing, compliance and vulnerability scans.
* Review and analyze reports from Pen Testing, Compliance and vulnerability scans and advise.
* Perform security controls assessment based on FISMA/NIST requirements, coordinate with developer, system admin, technical lead, etc. to conduct risk assessment for any system modification/changes.
* As a member of incident management team, proactively handle any system security incident.
* Perform security gap analysis for FedRAMP accreditation, maintain Privacy Impact Assessments (PIAs), perform routine Contingency Testing with system team and developers.
* Support maintenance of the current security framework to streamline system development security requirement.
* Perform Security Assessments and Authorizations for in-house and cloud solutions (AWS) - with understanding of FISMA, NIST, FedRAMP, and other federal security regulations.
* Perform complex risk analyses on systems which also include risk assessments with vulnerability remediation advice for compliance.
* Establish and satisfy information assurance and security requirements based upon the analysis of user requirements, policy, regulatory requirements, and resource demands.
* Assesses assigned system(s) to determine system security status and ensures adherence to security policy, procedures and standards. Designs and recommends security policies and procedures.
* Perform Plan of Action and Milestones (POA&M) management and update POA&M database regularly.
* Update CFACTS online database with security information about .gov applications and systems regularly.
* Monitors and evaluates complex security systems according to industry best practices to safeguard internal information systems and databases.
* Reviews security requirements and subsequently reviews systems to determine if they have been designed and established to comply with established standards.
* Responds to queries and requests for computer security information and reports from both internal and external customers.
* Provides recommendations for product upgrades, patches, integrations and other general security measures in order to better secure systems for Federal systems.
* Develop and maintain a professional working relationship between the Federal agency data center, system maintainers, Federal information systems security officers, Cloud Service Providers (e.g., AWS, Azure), and other support contractors (systems development or testing etc.).

Minimum Qualifications

Bachelor's Degree in Computer Science or a related field or equivalent experience.

Relevant Work Experience: 5-10 years of experience in systems security.

Other Job Specific Skills

Experience with Federal Security processes such as
  o Processes and artifacts required to launch an application in Production
  o Processes and artifacts required to introduce a change to an existing system/application
  o Processes and artifacts required to complete Security Control Assessment
  o Processes and artifacts required to obtain an ATO (Authority to Operate)
  o Experience reviewing security artifacts and sharing relevant feedback with teams

* Bachelor's degree in related field. 5+ years of experience within information assurance and cyber security area required.
* Understanding of Federal and business systems security practices and procedures is required.
* Experience working with federal regulations related to information security (FISMA, Computer Security Act, FedRAMP etc.) required.
* Experience working with cyber security architecture/frameworks and Cloud solutions/AWS preferred.
* Experience working with SIEM solutions such as Splunk preferred.
* Experience working with ticket tracking systems such as Jira preferred.
* Experience assisting the Federal Information Systems Security Officers (ISSO) in tracking and documenting user activity on a system and reporting any discrepancies or misuse of automated resources preferred.
* Experience working with NIST Special Publications and Certification, Accreditation and Security Assessments (S&A/C&A) process methodology, continuous review, and controls review highly desirable.
* Working experience with preparing security plans and all security artifacts required for certification and accreditation highly desirable.
* Federal Information Security Management Act (FISMA) Controls Tracking Systems/Repositories such as FACTS or CFACTS experience highly desirable.
* Related Security certifications (CISSP, CCNA, CISM, CEH etc.) desirable.