Senior Security Analyst

Ambit Group
Washington, DC
Jul 30, 2021
Aug 01, 2021
Full Time
Ambit + Greenzone is looking for a Senior Security Analyst to join a new 70+ person Federal program. Security Support Services are necessary for the day-to-day administration of enterprise application suites, typically including documentation, Security Assessment and Authorization (SA&A) activities, continuous monitoring, resolving POA&Ms, updating and maintaining SSP documentation, periodic internal and external audits, and making recommendations as needed to improve the overall security of the applications portfolio.

Responsibilities:

* Responsible for continuous monitoring activities for systems, to include monitoring for security threats, performing access reviews, reviewing and developing mitigations for vulnerability assessment reports, and proposing enhancements for systems security.
* Support security operations centers (or similar capabilities) in supporting systems reviews and potential incident investigations.
* Maintain knowledge of the security architecture and the business purpose of systems.
* Document and maintain knowledge of all relevant NIST 800-53 controls for each IT system for which the ISSO is responsible.
* Certify the SA&A process is successfully completed in accordance with established schedules and maintained for all systems for which the ISSO is assigned.
* Certify SA&A documentation leverages all approved templates, forms, regulations, and methods.
* Update SSPs semi-annually and document any changes.
* Certify the accuracy of continuous monitoring information for assigned systems.
* Work with the System Owner to track and manage system POA&M.
* Advise on proposed architecture or configuration changes using the established change and configuration management process.
* Certify software planned to be introduced to the production environment is evaluated and provide guidance regarding the potential for the software to introduce risk into the environment.
* Support the agency on periodic internal and external audits, including support for the execution of identified corrective action plans as needed.
* Evaluate and advise on all access requests for privileged accounts to IT systems.
* Support and produce any artifacts that are required for Ongoing Authorization and the NIST Cyber Security Framework (CSF).

Requirements:

* Bachelor's degree in Computer Science, Information Systems, or another related field is required
* Must be a US Citizen and able to obtain and maintain a government security clearance
* One of the following certifications: Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Information System Auditor (CISA)
* At least 10 years of experience in Cyber Security management, operational, and/or technical activities
* At least 6 years of experience performing or supporting the responsibilities of an ISSO in a US Government environment
* At least 6 years of experience in National Institute of Standards (NIST) cybersecurity standards and best practices
* Knowledge of US Government security regulations and methodologies, FISMA, FedRAMP, and NIST special publications

Location: Washington, DC (Due to COVID-19, on-site client work has been suspended until further notice)

The Ambit Way

We embody the name of the firm in our culture. Our ambit, or sphere of influence, is one in which all members have a voice and all are committed to outcomes. We understand that work, family and community co-exist; when any element is out of balance, all suffer. Our policies are family-centric and provide flexible work schedules, job sharing and cross-training that meet client requirements and support our employees. We focus on more than the task at hand; we focus on the entirety of our ambit. There is no job too large and no task too low - we function as ONE