Information System Analyst

About The Position

Requirements

• Bachelor's degree and nine (9) years or more of related experience; Master's degree and seven (7 years or more of related experience; may accept additional experience in lieu of degree.
• Extensive experience developing and revising system-specific security safeguards and local operating procedures based on relevant guidelines and regulations.
• Deep knowledge of NIST SP 800-37 (Risk Management Framework), NIST SP 800-53 (Security Controls), NIST SP 800-100 (Information Security. Handbook), NIST SP 800-137 (Continuous Monitoring), and FedRAMP requirements.
• Proven ability to provide authoritative guidance to project teams on security guidelines and regulatory requirements.
• Significant experience producing Information Security Documentation including Accreditation Packages and System Security Plans.
• Demonstrated expertise developing and maintaining comprehensive documentation outlining system operating environments.
• Strong track record producing security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, contingency plans, and related documentation.
• Extensive experience coordinating and conducting system security audits to support compliance with System Security Plans.
• Proven ability to maintain Authority to Operate (ATO) status through effective security management and continuous monitoring.
• US Citizenship
• Active secret clearance with the ability to obtain a top secret clearance.

Nice To Haves

• Professional certifications such as CISSP, CISM, CAP, or similar.
• Experience supporting Department of State or other federal agency IT security programs.
• Knowledge of Department of State security policies and procedures.
• Experience with security automation tools and continuous monitoring platforms.

Responsibilities

• Collaborate with Network Design and Engineering (DE) and Cybersecurity Management (CSM) on System Owner support requirements.
• Perform comprehensive vulnerability and risk assessment analysis to support accreditation and program protection activities.
• Coordinate and conduct regular system security audits to ensure compliance with System Security Plans and maintain Authority to Operate (ATO) status.
• Monitor and ensure adherence to NIST SP 800-37, NIST SP 800-53, NIST SP 800-100, NIST SP 800-137, and FedRAMP requirements.
• Develop and maintain Information Security Documentation including Accreditation Packages and System Security Plans (SSPs).
• Produce and maintain comprehensive documentation outlining system operating environments for assigned systems.
• Prepare security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans.
• Conduct pre-accreditation inspections and assist in preparation of accreditation documents.
• Assist IT staff with architectural and engineering designs to incorporate appropriate security features and controls.
• Develop and revise system-specific security safeguards and local operating procedures based on relevant guidelines and regulations.
• Provide expert guidance to project teams on security requirements, guidelines, and regulatory compliance.
• Support implementation of security controls across complex IT environments.
• Work closely with Government customers, contractor teams, and external partners across all program security functions.
• Serve as a trusted advisor on information security matters to technical and non-technical stakeholders.
• Coordinate security activities across multiple teams and organizational boundaries.