Cybersecurity Analyst III

TX-HHSC-DSHS-DFPS
Austin, TX
22d
Hybrid

About The Position

This position is open to permanent residents or US citizens only. This position strategically plans and successfully executes HHSC’s Information Security Assurance roadmap. This is a key position within HHSC Information Security that manages regulatory and compliance deliverables for a specific governance portfolio, assists with general risk assessment activities, and serves as the SME on IT Security Assurance related topics. Plays a critical role in the development and support of the HHSC Information Security Assurance Program and in developing strategy for compliance with information security regulatory requirements. Oversees the establishment, implementation, adherence to and documentation of HHSC information security policies, procedures, and processes to protect computer systems, infrastructure, and data from unauthorized access. This position is the highest level under the manager, with authority to develop strategies for compliance, security policies & procedures within 2 sections (assurance & operations) of the HHSC Information Security Assurance Program, and presents these strategies to the Commissioner. Employs generally accepted risk analysis and risk management methodologies to administer risk assessments on behalf of their specific governance portfolios and assists with general risk assessment and assurance functions in order to determine specific needs for security policies and procedures, and to evaluate the potential effectiveness and appropriateness of security solutions. Reviews new and modified regulatory requirements pertaining to information security to determine if new policies and procedures are needed and monitors related “best practices” and emerging security technologies for potential application. Participates in internal and external compliance and regulatory audits and implements recommended security enhancements.
Guides agency users in adhering to the agency and HHS Security Policy, Guidelines and Standards, Texas Administrative Code (TAC 202), Health Insurance Portability and Accountability Act (HIPAA), and other state and federal rules and regulations. Provides information security expertise and support, in partnership with HHS agency Information Security Officers and staff, in addressing security vulnerabilities. Consults on high visibility/high risk IT projects and provides guidance to team members and information security staff on security and compliance matters. Oversees the development and delivery of appropriate information security awareness training to all members of the workforce, including employees, contractors, temporary employees, and other third parties. Initiates, facilitates, and promotes activities to foster information security awareness within the organization.

Requirements

  • Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions
  • Knowledge in analyzing, recommending, & developing enterprise-wide security policies, standards, & guidelines within appropriate organizational risk tolerances.
  • Strong knowledge of cloud security best practices and compliance frameworks
  • Knowledge of root cause analysis, risk mitigation, analysis of security threats, trends, and architecture.
  • Knowledge of the basic tenets of enterprise risk management (threat management, vulnerability management, and risk treatment).
  • Knowledge of network, system, application and data protection standards, benchmarks, processes, applications, tools, and techniques.
  • Knowledge of network, system/endpoint, application and data protection issues and security risks.
  • In-depth knowledge of the NIST Special Publications (800 Series) with particular emphasis on the SP 800-53 Security and Privacy Controls for Federal Information Systems & Organizations. Must be able to demonstrate extensive knowledge of control structures and application of controls.
  • Excellent written and verbal communication skills; interpersonal and collaborative skills; the ability to communicate security and risk-related concepts to technical and nontechnical audiences; persuasive, encouraging, motivating, and inspiring; the ability to listen and understand.
  • Experience in risk assessment and mitigation strategies for cloud environments
  • Proficiency in automation and scripting for security operations
  • High analytical skills.
  • Skilled in performing security risk and compliance assessments.
  • Skilled at recommending, implementing, and delivering security solutions based on analysis and business requirements.
  • Skill in evaluating enterprise networks/systems for assurance of control requirements as specified by the IRS Pub.1075, Tax Information Security Guidelines for Federal, State & Local Agencies. Capable of managing control assertion & corrective action plan processes including the coordination of status updates & report submission.
  • Skill in implementing enforcement of security policy within technology solutions.
  • Skilled in project management, financial/budget management, scheduling and resource management.
  • Ability to translate complex technical concepts to non-technical stakeholders
  • Ability to monitor the legal and regulatory landscape to proactively address new information security related requirements
  • Ability to develop positive relationships and effectively communicate with management, software/systems/security architects, software/systems/security engineers, quality assurance, auditors, Legal, Privacy, and IT & security operations staff.
  • Ability to define, learn, understand, and apply new technologies, methods, and processes.
  • Adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities.
  • Must hold at least one of the following certifications:
      • Certified Information Systems Security Professional (CISSP)
      • Microsoft Cybersecurity Architect (SC-100)
      • AWS Certified Solutions Architect
      • Prisma Certified Cloud Security Professional
  • 5+ years of experience in IT security.
  • Hands-on experience with cloud platforms (e.g., AWS, Azure, Google Cloud)

Responsibilities

  • Leads in the design and deployment of the Information Security Assurance Program activities
  • Leads internal security and compliance assessments for assurance purposes
  • Supports security and compliance controls through the agency's Governance, Risk and Compliance (GRC) tool.
  • Champions the Security Awareness Program
  • Other duties as assigned.

Benefits

  • Comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

1,001-5,000 employees

© 2024 Teal Labs, Inc