Type: Full time
The main focus of the Security Analyst, Senior is on annual audits, compliance, privacy laws, and submitting Authority to Operate (ATO) packages. The analyst is responsible for monitoring, evaluating, and maintaining systems and procedures to safeguard internal information systems, networks, databases, and Web-based security. The analyst conducts compliance vulnerability assessments and monitors systems, networks, databases, and the Web for potential system breaches. The analyst recommends and implements changes to enhance systems security based on annual audits. The analyst may also oversee internal or external systems security (i.e., cloud services).
Major Responsibilities & Weights
40%: Authors and verifies Authority to Operate (ATO) documentation such as System Security Plans and Risk Assessments. Works with security officers to determine system categorization, e-Authentication requirements, and assists in the development of the Privacy Impact Assessments and Security Impact Assessments.
20%: Leads efforts to ensure our annual third-party security assessments occur for the analyst's respective FISMA systems.
20%: Coordinates and develops Plans of Action and Milestones (POA&Ms) and tracks and reports on each issue monthly.
20%: With guidance from the Security Manager, develops annual contingency planning efforts, and executes table-top testing exercises as dictated by the customer. Identifies and quantifies business risks. Coordinates and supports the Security Operations team with scan/audit findings and works towards evidence of closure.
· Associate’s Degree
· Type of Credentials/Licenses
o CISSP, CISM, CISA, CAP, or similar level industry security certification.
· Related Work Experience
o 4-6 years
· Work Experience / Skills / Abilities Required
o General IT knowledge in two or more of the following areas
- Cloud Environments
- Operating Systems (Solaris, RHEL, and/or Windows)
- Application Development
- Project Management
· Strong time management skills
· Self-starter and quick learner with innovative thinking
· Security framework, preferably CMS or HHS
· Prior experience with the ATO and SDLC processes in government environments
· Prior experience performing Risk Assessments (RAs) and Security Impact Assessments (SIAs), assisting with System of Records Notices (SORNs) development and Privacy Impact Assessments (PIAs), and developing Contingency Plans (CPs)
· Prior experience in developing and executing Table-Top tests (TTTs)
· Prior experience in developing effective POA&Ms and reviewing those created by other analysts
Scope of Position
· Individual Contributor
o This position is an individual contributor and has no supervisory responsibilities. Provides functional expertise through day-to-day work tasks. Works under the supervision of management.