Information Security Analyst - Washington, United States - Super Systems Inc

Super Systems Inc

Verified Company

Washington, United States

3 weeks ago

Posted by:

Mark Lane

beBee recruiter

Description

This role is hybrid

2x a week onsite3x a week REMOTE

The Senior Information Systems Security Analyst will support IT management with control assessment, development, and maintenance, and risk assessment and response development.

Specifically, this job requires the following:

Develop and maintain IT security controls per NIST SP and Agency Security Policy standards.
Consult with experts to ensure work instructions align with agency security standards.
Conduct risk assessments for security issues and propose resolutions.
Document and communicate control deficiencies for POA&M consideration.
Support Continuous Security Monitoring for compliance with agency Security Policy
Assist in developing security policies, ensuring compliance, and updating documentation.
Review and assess POA&M outputs, recommending additional work or closure.
Support IT Governance, Risk, and Compliance activities, including standards management.
Provide information for status reports, briefings, schedules, and project plans in written and oral form.

Qualifications

One or more current Security certifications (CISSP, CISM, Security+).
Experience serving in an information system engineer/administrator role implementing security controls.

REQUIRED SKILLS:

A solid understanding of IT security controls, tools, and concepts.
Experience working in a technical environment with IT platforms such as Microsoft Office 365, Azure, Cisco, Oracle, etc.
Understanding of OMB M2209 and EO 1402
Experience with NIST Risk Management and Cybersecurity Framework, FISMA, NIST 80053, and IT control processes.
Experience implementing security measures within information systems engineering projects.
Knowledge of cloud security principles and best practices, particularly for major cloud platforms like AWS, Azure, or Google Cloud.
Familiarity with GRC frameworks/tools (Archer, eMASS, CSAM) and SA&A tools (Xacta).
Knowledge of cyberattack patterns, Tactics, Techniques, and Procedures.
Ability to adapt security processes/tools to evolving landscapes and risk scenarios.
Proficiency in network security principles, including firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and secure network architectures.
Strong understanding of operating systems (e.g., Windows, Linux/Unix) and their security features and vulnerabilities.
Knowledge of encryption protocols and techniques, such as SSL/TLS, AES, RSA, etc.
Familiarity with security assessment tools and techniques, including vulnerability scanning, penetration testing, and ethical hacking.
Experience with security information and event management (SIEM) systems for log analysis and threat detection.
Fluency in spoken/written English for technical content, with strong communication skills.
Experience producing highquality deliverables with mínimal edits, quick review, and feedback on federal security doctrine.
Ability to thrive in a fastpaced environment, outstanding customer service skills.
Ability to document processes, explain complex policies in simple terms.
Familiarity with latest IT trends, security standards, excellent analytical thinking, and problemsolving skills.

Pay:
$115, $130,000.00 per year

Benefits:

401(k)
Dental insurance
Health insurance
Paid time off
Vision insurance

Compensation package:

Weekly pay
Yearly pay

Experience level:

7 years

Schedule:

Monday to Friday

Education:

Bachelor's (required)

Experience:

- information system engineer/administrator: 7 years (required)
- implementing security controls: 5 years (preferred)

Understanding of OMB M2209 and EO 1402

8: 3 years (required)

NIST Risk Management and

Cybersecurity Framework: 4 years (required)

FISMA, NIST 80053, and IT control processes: 4 years (required)
Working in an

Azure Environment: 3 years (required)

GRC frameworks (eMASS, CSAM) and SA&A tools (Xacta): 1 year (required)
Knowledge of cyberattack patterns: 1 year (required)

- network security principles (firewalls, intrusion (IDS/IPS): 3 years (required)
- security information and event management (SIEM) systems: 3 years (required)

Security clearance: