Information Security Analyst Lead

About The Position

Requirements

• Minimum of 8+ years of related experience.
• Must hold a current Security+ certification.
• Bachelor’s degree in Computer Science, Information Systems, Engineering, Business, or a related technical discipline is preferred. Additional relevant experience may be considered in lieu of a degree.
• Experience designing security "baked-in" to architectures including Cloud and IaC, applications, web applications, data processing, data-centric applications, AI/ML, and CI/CD pipelines.
• A proven track record of seeking automation-driven designs.
• Familiarity with Agile methodologies.
• Working knowledge of AWS or Azure security tools, their functionality, and their purpose.
• Ability to assist customers with defining appropriate management processes (responsible for documenting application criticality, privacy, and security impact analysis).
• Knowledge of hardening standards (DISA STIG, CIS).
• Experience with the NIST Risk Management Framework, NIST 800-53 rev5, and NIST 800-171.

Nice To Haves

• Federal Government contracting work experience.
• Experience as an ISSO for the DoD.
• Highly preferred industry certifications such as CISSP, CEH, GIAC, etc.
• Experience with Security Information and Event Management (SIEM) systems (e.g., Splunk).

Responsibilities

• Work closely with Product Owners, other ISSOs, ISSMs, and engineering and infrastructure staff to provide guidance on the implementation of security policies, standards, and procedures.
• Analyze new or updated security requirements, collaborate with stakeholders, and develop responses that are clear and accurate.
• Support the review and update of ATO artifacts such as System Security Plans, Information System Contingency Plans, Configuration and Change Management Plans, Incident Response Plans, Privacy Impact Analyses, and more.
• Interpret security risk assessments, review security scan results, assess security vulnerabilities, and support the development and remediation of vulnerability and compliance issues via Plans of Action and Milestones (POA&Ms).
• Support the development and implementation of design documentation.
• Work with engineering and infrastructure personnel to document remediation for vulnerabilities and non-compliance issues.
• Analyze and interpret agency security requirements and provide governance communication to non-security personnel.
• Collaborate with product teams, ISSOs, and other stakeholders in support of continuous monitoring and ATO efforts.
• Conduct vulnerability assessments and monitor systems, networks, databases, and Web-based assets for potential system breaches.
• Recommend and take the lead on implementing changes to enhance security systems, prevent unauthorized access, and help mitigate security vulnerabilities.
• Respond to alerts from information security tools. Report, investigate, and resolve higher-level security incidents.
• Respond to security tool outages and degradations in service, tune security rules and alerts, and set up/maintain security tool dashboards and reporting.
• Research security trends, new methods, and techniques used in unauthorized access of data to preemptively eliminate the possibility of system breach.
• Ensure compliance with regulations and privacy laws. Conduct research to identify new attack vectors.
• Educate and communicate security requirements and procedures to all users and new employees.
• Recommend process improvements to the information system for risk mitigation.
• Support continuous improvement and security automation practices to strengthen the program’s overall security posture.
• Conduct audit log reviews, present findings, and plan for investigation or remediation activities.
• Perform periodic user and privileged access reviews.

Benefits

• medical, dental, and vision coverage
• 401(k) retirement benefits
• paid time off
• paid holidays
• life and disability insurance
• additional wellness and employee support programs