Candidate must be local to Michigan.
Hybrid work schedule - 2 days/week in office.
Salary: 65 to 80K.
We are seeking an IT Security Analyst I to maintain System Security Plans (SSP) for new and existing systems. This requires close coordination with IT project teams, business and enterprise security representatives, and product owners, to establish and maintain processes and controls for security vulnerability remediation.
Skillsets Required:
* Experience in the IT industry analyzing and applying information security principles and practices
Required: 1 Years
* Experience reviewing IT systems/applications plus basic knowledge of networking components and
various operating systems Required: 1 Years
* Experience analyzing the applicable NIST Special Publications 800-37 Revision 1, 800-53 Revision 3,4
or 5, and 800-53A Revision 1. Required: 1 Years
* Experience with other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory
requirements is a plus Nice to have: 2 years
* CISSP, CISA, PMP and/or Security+ certification Nice to have
* Experience working with software vendors to implement security controls Nice to have
Responsibilities:
* Create system security plans (SSP) for new applications in alignment with the Secure Application Development Life Cycle (SADLC) and Michigan Security Accreditation Process (MiSAP).
* Maintain SSPs for existing applications requiring authority to operate (ATO) and those facing software
and/or hardware enhancements.
* Continuously monitor plans of action and milestones (POA&M) and corrective action plans (CAP) as they
relate to the SSPs in collaboration with the MDOT Enterprise Information Management (EIM) office.
* Validate respective SSPs to ensure NIST control requirements are met.
* Author recommendations associated with your findings on how to improve the customer’s security posture
in accordance with SOM PSP & NIST controls.
* Assist team members and vendors with proper artifact collection to satisfy assessment requirements.