Junior Security Analyst

About The Position

Requirements

• Must be a US Citizen
• CompTIA Security + certification
• A bachelor's degree in information technology systems, computer science, or a related field and experience in information technology systems or a related area
• At least 3 years of information security experience, including documenting system security controls in place to support the Assessment and Authorization processes.
• 1-2 years of professional experience supporting information security/assurance programs, policies, processes, and operational procedures per various standard security frameworks/laws/standards/directives, e.g.: FISMA; OMB directives; Presidential Directives; NIST (SP-800 series; FIPS); HIPAA of 1996; Privacy Act; FedRAMP
• Experience using Nessus, AIDE, Windows, Linux/RHEL
• Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
• Hands on experience analyzing requirements and writing to security control implementation language
• Experience in with identifying and collecting required security control artifacts
• Comprehensive knowledge of the FISMA, HIPAA laws and Privacy Act of 1974
• Experience writing System Security Plans using-depth knowledge of the NIST 800-53 security control requirements and standard methods for implementing security controls
• Understanding of risk assessment and risk management concepts, including POA&M support
• Practical knowledge of IT System contingency planning and incident response
• Good understanding of continuous monitoring and continuous authorization concepts
• Good understanding of protection of PII and PIA concepts
• Expert use of MS Office, especially Word, PowerPoint, and Outlook
• Good ability to articulate technical concepts, especially in the audit review process

Responsibilities

• Oversee, evaluate, and support the documentation, validation, and accreditation processes necessary to assure that IT systems meet the organization’s security requirements
• Respond to crisis or urgent situations within the system to mitigate immediate and potential threats
• Use mitigation, preparedness, and response and recovery approaches, as needed, to maximize information security
• Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives
• Provide security advice and recommendations to leadership and staff based on NIST and FIPS guidelines
• Analyze system security assessment reports
• Develop estimates of the security risks associated with deployment of new technologies
• Use defensive measures and information collected from a variety of sources to identify, analyze, and report events