Senior Security Analyst

Senior Security Analyst

Requirements

• Ability to OBTAIN and MAINTAIN a Federal or DoD Public Trust
• Bachelor’s Degree
• EIGHT (8) or more years of experience relevant to Cybersecurity, Security Engineering, Security System Design, Security Controls, Zero Trust and/or Cloud Security

Responsibilities

• Analyze and report organizational and system security posture trends.
• Apply security policies to meet security objectives of the system.
• Assess adequate access controls based on principles of least privilege and need-to-know, and their effectiveness.
• Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
• Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• Implement security measures to resolve vulnerabilities, mitigate risks and recommend security changes to system or system components as needed.
• Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
• Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
• Plan and recommend modifications or adjustments based on exercise results or system environment.
• Properly document all systems security implementation, operations and maintenance activities and update as necessary.
• Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
• Verify and update security documentation reflecting the application/system security design features.
• Verify minimum security requirements are in place for all applications.

Preferred Qualifications

• Master’s Degree preferred
• Certifications CISSP, CISSP, or relevant certifications
• Operational experience securing Cloud solutions (GCP preferred)
• Experience in professional services consultancy and federal cyber security industry.
• IT risk management policies, requirements, and procedures.
• PII/SPII data security standards.
• Network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
• Security controls based on cybersecurity principles and tenets, NIST SP 800-53, CSF.
• Skill in developing and applying security system access controls, security system design tools, methods, and techniques, security management, systems security testing and evaluation methods, use network analysis tools to identify vulnerabilities, systems security testing and evaluation methods.
• Demonstrated experience providing security engineering and integration support to protect the confidentiality, integrity and availability of an organization’s systems and application data
• Strong knowledge of FISMA, FedRAMP, NIST SP 800-53 and other federal cybersecurity related policies, directives, and mandates. (ATO, POA&M, TRM, etc.)
• Demonstrated ability to work independently under general direction
• Hands-on experience in providing security engineering and integration support to protect the confidentiality, integrity and availability of an organization’s systems and application data.