AgileTek Solution LLC
System Security Analyst (Mid level)
AgileTek Solution LLC, Ashburn, Virginia, United States, 22011
POSITION SUMMARY -
Security Analyst (Mid-Level)
This role serves as a "hands-on" mid-level security analyst who will be responsible for interfacing with the security engineering, operations and build teams, assisting with the development and/or maintenance of various System Security Plans (SSP) and associated documentation for multiple environments, gathering the security control implementations information for the security controls and documenting their implementation in the SSP, as well as updating associated security documentation as needed (i.e., plans, procedures, processes). Additionally, this role will assist with the security assessments (i.e. FedRAMP, FISMA, HIPPA, SOC, etc.), to include supporting collection of evidence.
The Security Analyst will be responsible for maintenance of the security documentation for the various environments; which may include development of the metrics / trends, input of security documentation into Xacta, assisting with the FedRAMP or FISMA authorization processes to include prep of the operations team, and documentation summary and update as required. This role serves as a mid level security analyst who assists with the security documentation and can provide thoughtful recommendations on processes and procedures, as well as implementation of security controls. This role must communicate between security, engineering, development and operations teams as required, and be able to interpret and document the results of data gathering. Key deliverables for success will be a monthly maintenance of various POAM, security documentation in Xacta is current and useful, processes and procedures are current and up to date, and assists with assurance that all FedRAMP / FISMA security controls are successfully implemented and associated security documentation is developed and implemented.
GENERAL RESPONSIBILITES:Gather information, architecture diagrams and implementation of the security controls through interfacing with the security engineering, operations and build teamsDevelop security documentation such as, but not limited to, System Security Plans (SSP), security plans, procedures, and processesMaintain, via review and update, of all security documentationUnderstand the intent of the FedRAMP security controls, FISMA security controls and communicate as neededAssist with the FedRAMP or FISMA authorization to include, but not limited to, prep of operations team through training and mock interviews, update documentation as required, and support FedRAMP PMO/ Agency / CISO requestsGENERAL QUALIFICATIONS:
Bachelor's Degree in Computer Science / MIS / Information Technology, or equivalent experience in Information Security, Information Technology, or related technical disciplineMinimum 7 years Information Technology experienceExperience with Cloud technologies, especially AWS, Azure, and/or Goggle Cloud, desirableExperience with FedRAMP and/or other authorization processes and NIST risk management frameworkExperience in developing, evaluating, and implementing information security architectures, technologies, standards, and practices to secure applications and IT systems, desirableExperience in development of security documentation such as SSP, policies, procedures, etc.Flexible, self-motivated, and able to work independently in a fast paced environmentExcellent communication skills and the proven ability to work effectively with all levels of IT and business management.Familiarity with Testing, Development, Staging, and pre-production environment requiring cyber security support.Knowledge of Privacy Act, GDPR, and other data privacy frameworks.Experience in writing or executing system security documentation, authorization to operate packages, POA&Ms, and policies.Demonstrated experience in using Telos XactaExperience in reviewing/editing/writing technical documentsSkill in preparing and making written and oral presentations of complex technical nature.Demonstrated ability to coordinate multiple tasksU.S. PersonSPECIFIC TECHNICAL SKILLS DESIRED:
Professional industry certifications in area of expertise.Knowledge of Best Practice and security guides (ex. NIST 800-53 rev 4, NIST 800-53, FedRAMP)ISC CISSP or ISACA CISM or equivalent certification
Security Analyst (Mid-Level)
This role serves as a "hands-on" mid-level security analyst who will be responsible for interfacing with the security engineering, operations and build teams, assisting with the development and/or maintenance of various System Security Plans (SSP) and associated documentation for multiple environments, gathering the security control implementations information for the security controls and documenting their implementation in the SSP, as well as updating associated security documentation as needed (i.e., plans, procedures, processes). Additionally, this role will assist with the security assessments (i.e. FedRAMP, FISMA, HIPPA, SOC, etc.), to include supporting collection of evidence.
The Security Analyst will be responsible for maintenance of the security documentation for the various environments; which may include development of the metrics / trends, input of security documentation into Xacta, assisting with the FedRAMP or FISMA authorization processes to include prep of the operations team, and documentation summary and update as required. This role serves as a mid level security analyst who assists with the security documentation and can provide thoughtful recommendations on processes and procedures, as well as implementation of security controls. This role must communicate between security, engineering, development and operations teams as required, and be able to interpret and document the results of data gathering. Key deliverables for success will be a monthly maintenance of various POAM, security documentation in Xacta is current and useful, processes and procedures are current and up to date, and assists with assurance that all FedRAMP / FISMA security controls are successfully implemented and associated security documentation is developed and implemented.
GENERAL RESPONSIBILITES:Gather information, architecture diagrams and implementation of the security controls through interfacing with the security engineering, operations and build teamsDevelop security documentation such as, but not limited to, System Security Plans (SSP), security plans, procedures, and processesMaintain, via review and update, of all security documentationUnderstand the intent of the FedRAMP security controls, FISMA security controls and communicate as neededAssist with the FedRAMP or FISMA authorization to include, but not limited to, prep of operations team through training and mock interviews, update documentation as required, and support FedRAMP PMO/ Agency / CISO requestsGENERAL QUALIFICATIONS:
Bachelor's Degree in Computer Science / MIS / Information Technology, or equivalent experience in Information Security, Information Technology, or related technical disciplineMinimum 7 years Information Technology experienceExperience with Cloud technologies, especially AWS, Azure, and/or Goggle Cloud, desirableExperience with FedRAMP and/or other authorization processes and NIST risk management frameworkExperience in developing, evaluating, and implementing information security architectures, technologies, standards, and practices to secure applications and IT systems, desirableExperience in development of security documentation such as SSP, policies, procedures, etc.Flexible, self-motivated, and able to work independently in a fast paced environmentExcellent communication skills and the proven ability to work effectively with all levels of IT and business management.Familiarity with Testing, Development, Staging, and pre-production environment requiring cyber security support.Knowledge of Privacy Act, GDPR, and other data privacy frameworks.Experience in writing or executing system security documentation, authorization to operate packages, POA&Ms, and policies.Demonstrated experience in using Telos XactaExperience in reviewing/editing/writing technical documentsSkill in preparing and making written and oral presentations of complex technical nature.Demonstrated ability to coordinate multiple tasksU.S. PersonSPECIFIC TECHNICAL SKILLS DESIRED:
Professional industry certifications in area of expertise.Knowledge of Best Practice and security guides (ex. NIST 800-53 rev 4, NIST 800-53, FedRAMP)ISC CISSP or ISACA CISM or equivalent certification