Responsibilities
Kforce has a client that is seeking an Associate IT Security Analyst in Sierra Vista, AZ. Duties Include:
- Responsible for the day to day operations of conducting routine IA Audits on all Information Systems (IS) to ensure the appropriate IA security controls have been applied and maintained
- Evaluate IS for compliance in accordance with Risk Management Framework (RMF) 800-53 Controls and Special Directives
- Assist with the continuous monitoring of RMF packages within eMASS (POA&Ms, Test Results, Risk Assessments, etc.)
- Record and/or prepare artifacts associated with the audit to ensure a repository for all system RMF documentation is kept current
- Provide Certification and Accreditation (C&A) support in the development of security and contingency plans by conducting risk and vulnerability assessments
- Use the 800 Series NIST Special Publications as reference for C&A, system security plans, risk assessment, and other security requirements
- Create, edit, and review organization and team level documentation for clarity and accuracy and assist with development of security related TTPs, SOPs, processes, plans, or diagrams
- Use automated security scanning tools (SCAP, ACAS, BNA, etc.) to identify potential vulnerabilities
- Analyze and report findings to technical teams and leadership for appropriate tracking and mitigation
- Research RFIs from technical teams regarding STIG checklists, regulations and/or BBPs
- Explain requirements to systems administrators in detail to ensure proper understanding and clarity
- Review proposed courses of action from technical teams and recommend the most secure option while balancing operations and/or mission requirements
- Assist in the identification, tracking and remediation of security risks discovered on information systems
- Prepare and deliver detailed written reports and oral presentations to the Security Manger, Information Assurance Manager and other senior leaders or staff
Requirements
- High School diploma/GED + 4 years of IT/Cyber experience; AA/AS + 2 experience IT/Cyber experience; BA/BS + 2 years of experience IA/IT experience
- Experience with Risk Management Framework (RMF) and vulnerability management
- Experience performing audits within an organization
- Experience with Risk Management Framework (RMF) and vulnerability management
- Knowledge of network specific Security Technical Implementation Guides and checklists
- Knowledge of asset scanning
- Exceptional communication and interpersonal skills
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
By clicking “Apply Today” you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.