Job Description:
As an IT Security Analyst, you will be responsible for completing and maintaining system security plans (SSP) for new and existing systems. This role requires close coordination with IT project teams, business and enterprise security representatives, and product owners to establish and maintain processes and controls for security vulnerability remediation.
Key Responsibilities:
- Create system security plans (SSP) for new applications in alignment with the Secure Application Development Life Cycle (SADLC) and Client’s Security Accreditation Process
- Maintain SSPs for existing applications requiring authority to operate (ATO) and those facing software and/or hardware enhancements
- Continuously monitor plans of action and milestones (POA&M) and corrective action plans (CAP) as they relate to the SSPs in collaboration with the Client Enterprise Information Management (EIM) office
- Validate respective SSPs to ensure NIST control requirements are met
- Author recommendations on how to improve the customer’s security posture in accordance with SOM PSP & NIST controls
- Assist team members and vendors with proper artifact collection to satisfy assessment requirements
Required Skills, Experiences, Education and Competencies:
- Experience in the IT industry analyzing and applying information security principles and practices (Required: 1 Year)
- Experience reviewing IT systems/applications plus basic knowledge of networking components and various operating systems (Required: 1 Year)
- Experience analyzing applicable NIST Special Publications 800-37 Revision 1, 800-53 Revision 3, 4 or 5, and 800-53A Revision 1 (Required: 1 Year)
- Experience with other security frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements is a plus (Nice to have: 2 years)
- CISSP, CISA, PMP, and/or Security+ certification (Nice to have)
- Experience working with software vendors to implement security controls (Nice to have)
- Experience working independently and in a team environment
- Strong written and verbal communication skills, including the ability to explain technical matters to a non-technical audience
- Ability to collaborate on multiple projects/efforts at a given time
- Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change
The hourly range for roles of this nature are $40.00 to $80.00/hr. Rates are heavily dependent on skills, experience, location, and industry.
cyberThink is an Equal Opportunity Employer.
