Mid-Level System Security Analyst

Minimum Job Requirements :

This role serves as a "hands-on" mid-level security analyst who will be responsible for interfacing with the security engineering, operations and build teams, assisting with the development and / or maintenance of various POAMs, input to System Security Plans (SSP) and associated documentation for multiple environments, gathering scan results, conducting analysis on scan results, providing recommendations for vulnerability remediation or mitigations and providing information on the current risk and vulnerabilities. This position will assist with ongoing continuous monitoring activities on a daily, quarterly or annual basis. Additionally, this role will assist with the security assessments (i.e. FedRAMP, FISMA, HIPAA, SOC, etc.), to include supporting collection of evidence. A thorough understanding of vulnerability management (scans, assessment findings, deviation requests, etc.) in order to maintain a secure posture is required.

The Security Analyst will be responsible for Continuous Monitoring Support

for the various environments; which may include development of the metrics / trends, analysis of scan results, assisting with the FedRAMP, FISMA, IRAP, etc authorization processes to include scan analysis and deviation requests, and briefing of status, as required. This role serves as a mid level security analyst who assists with the continuous monitoring process, and can provide thoughtful recommendations on remediation / mitigation, as well as development of associated processes and procedures. This role must communicate between security, engineering, development and operations teams as required, and be able to interpret and document the results of data gathering. Key deliverables for success will be maintenance of various conmon activities (i.e. scan execution, review and analysis, POAM maintenance, etc.); ensuring processes and procedures are current and followed, and provides management with a status of the security posture of the environment.

In Summary, this position needs to be able execute the following :

• Gather information, understand architecture diagrams and implementation of the scans configuration through interfacing with the security engineering, operations and build teams
• Develop security documentation such as, but not limited to, conmon plans, procedures and processes, and standard operating procedures
• Analysis various scans for application, operating system and containers, to include accuracy
• Review and maintain POAM manually as well as via automated tools
• Maintain, via review and update, of all POAM inputs, including vendor and operational dependencies.
• Understand the intent of the FedRAMP / FISMA security controls and communicate as needed
• Assist with the FedRAMP / StateRAMP or FISMA authorization to include, but not limited to, prep of ISSE and operations team through mock interviews, update / explanation of documentation and processes as required, and support FedRAMP PMO / Agency / CISO requests
• Assist with ITAR / EAR, HIPAA, PCI DSS, ISO, SOC assessments to obtain / maintain certifications, as required

The general qualifications for a mid-level security analyst - conmon consists of :