Title: IT Security Analyst 1
Location: Lansing, MI (Hybrid Locals Only)
Duration: 12 Months
Job Type: C2C, W2
Job Description
Position Description:
IT Security Analyst I with the Department of Technology, Management, and Budget (DTMB) Agency Services supporting the Michigan Department of Transportation (MDOT).
Detailed Job Duties:
- The IT Security Analyst is responsible for completing and maintaining system security plans (SSP) for new and existing systems.
- This requires close coordination with IT project teams, business and enterprise security representatives, and product owners to establish and maintain processes and controls for security vulnerability remediation.
Responsibilities:
- Create system security plans (SSP) for new applications in alignment with the Secure Application Development Life Cycle (SADLC) and Michigan Security Accreditation Process (MiSAP).
- Maintain SSPs for existing applications requiring authority to operate (ATO) and those facing software and/or hardware enhancements.
- Continuously monitor plans of action and milestones (POA&M) and corrective action plans (CAP) as they relate to the SSPs in collaboration with the MDOT Enterprise Information Management (EIM) office.
- Validate respective SSPs to ensure NIST control requirements are met.
- Author recommendations associated with your findings on how to improve the customer's security posture in accordance with SOM PSP & NIST controls.
- Assist team members and vendors with proper artifact collection to satisfy assessment requirements.
Skillsets Required:
- Experience in the IT industry analyzing and applying information security principles and practices. Required: 1 year
- Experience reviewing IT systems/applications plus basic knowledge of networking components and various operating systems. Required: 1 year
- Experience analyzing the applicable NIST Special Publications 800-37 Revision 1, 800-53 Revision 3, 4 or 5, and 800-53A Revision 1. Required: 1 year
- Experience with other security frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements is a plus. Nice to have: 2 years
- CISSP, CISA, PMP and/or Security+ certification. Nice to have
- Experience working with software vendors to implement security controls. Nice to have
- Experience working independently and in a team environment
- Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
- Ability to collaborate on multiple projects/efforts at a given time
- Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change