Logo
AgileTek Solution LLC

Mid-Level System Security Analyst

AgileTek Solution LLC, Ashburn, Virginia, United States, 22011


Minimum Job Requirements:

This role serves as a "hands-on" mid-level security analyst who will be responsible for interfacing with the security engineering, operations and build teams, assisting with the development and/or maintenance of various POAMs, input to System Security Plans (SSP) and associated documentation for multiple environments, gathering scan results, conducting analysis on scan results, providing recommendations for vulnerability remediation or mitigations and providing information on the current risk and vulnerabilities. This position will assist with ongoing continuous monitoring activities on a daily, quarterly or annual basis. Additionally, this role will assist with the security assessments (i.e. FedRAMP, FISMA, HIPAA, SOC, etc.), to include supporting collection of evidence. A thorough understanding of vulnerability management (scans, assessment findings, deviation requests, etc.) in order to maintain a secure posture is required.

The Security Analyst will be responsible for

Continuous Monitoring Support

for the various environments; which may include development of the metrics / trends, analysis of scan results, assisting with the FedRAMP, FISMA, IRAP, etc authorization processes to include scan analysis and deviation requests, and briefing of status, as required. This role serves as a mid level security analyst who assists with the continuous monitoring process, and can provide thoughtful recommendations on remediation / mitigation, as well as development of associated processes and procedures. This role must communicate between security, engineering, development and operations teams as required, and be able to interpret and document the results of data gathering. Key deliverables for success will be maintenance of various conmon activities (i.e. scan execution, review and analysis, POAM maintenance, etc.); ensuring processes and procedures are current and followed, and provides management with a status of the security posture of the environment.

In Summary, this position needs to be able execute the following:

Gather information, understand architecture diagrams and implementation of the scans configuration through interfacing with the security engineering, operations and build teamsDevelop security documentation such as, but not limited to, conmon plans, procedures and processes, and standard operating proceduresAnalysis various scans for application, operating system and containers, to include accuracyReview and maintain POAM manually as well as via automated toolsMaintain, via review and update, of all POAM inputs, including vendor and operational dependencies.Understand the intent of the FedRAMP/FISMA security controls and communicate as neededAssist with the FedRAMP/StateRAMP or FISMA authorization to include, but not limited to, prep of ISSE and operations team through mock interviews, update/explanation of documentation and processes as required, and support FedRAMP PMO/Agency /CISO requestsAssist with ITAR/EAR, HIPAA, PCI DSS, ISO, SOC assessments to obtain/maintain certifications, as requiredThe general qualifications for a mid-level security analyst - conmon consists of:

Experience with Cloud technologies, especially AWS, Azure, and/or Goggle CloudExperience with FedRAMP and/or other authorization processes and NIST risk management frameworkExperience in developing, evaluating, and implementing information security architectures, technologies, standards, and practices to secure applications and IT systems, desirableExperience in vulnerability management to include analysis of App, O/S and Container scansDevelopment of security documentation such as conmon plans, policies, procedures, etc., based on NIST SP 800-53 security controls and FedRAMP CONMON.Flexible, self-motivated, and able to work independently and communications with other teams in a fast paced environmentExcellent communication skills (oral and written) and the proven ability to work effectively with all levels of IT and business management.Experience in writing or executing system security documentation, authorization to operate packages, POA&Ms, and policies.Experience in reviewing/editing/writing technical documentsSkill in preparing and making written and oral presentations of complex technical nature.Experience using ticketing systems such as JIRADemonstrated ability to coordinate multiple tasksU.S. PersonProfessional industry certifications in area of expertise desired