Information Systems Security Analyst

at Ishpi Information Technologies, Inc. in Chicago, Illinois, United States

Job Description

Information Systems Security Analyst
Job Locations

US

ID 
2024-1675  

Category 
C5ISR Eng &Tech  

Type 
Regular Full-Time
Overview

ISHPI is a recognized industry leader in providing Cybersecurity support and consulting services to our Federal agency and Department of Defense partners. In this, we specialize in developing and performing Cybersecurity Engineering and Operations processes and activities to ensure systems and services achieve and maintain adequate levels of compliance and operational security posture throughout all phases of their lifecycle. We are currently seeking cybersecurity professionals for positions in the Suffolk VA area supporting the Internal Revenue Service.

Responsibilities

Serve as Security Controls Assessors for formal Security Test and Evaluation, Conduct of Security Certifications of systems/networks/sites assessing security control compliance, providing guidance regarding remediation and mitigation of identified vulnerabilities, all security domains.
Support to the Security Assessment and Authorization (SA&A) Risk Management Framework tasks for all managed systems, networks, and enclaves (all security domains); ensure validity and accuracy review of all associated documentation.
Conduct in-depth security reviews and assessments of deployed and proposed security control implementations for systems and applications hosted in CSP environments such as AWS, Azure, Google etc.
Documenting test case findings from completed Risk and Vulnerability Assessments (RVA) within Requirements Traceability Matrixes (RTMs) and Security Assessment Reports (SARs).
Reconciling system categorization and information types against NIST 800-53 and agency specific security control overlays to identify final security control baselines.
Understand and analyze CSP SSPs and provided inherited controls and updating and tailoring system security control implementations to meet the customer requirements.
Knowledge of current NIST RMF and FedRAMP SA&A approaches to ensure that assessment plans and packages are executed and constructed in alignment with FedRAMP PMO requirements.
Provide guidance on the application of security policy, identifying security requirements, providing technical guidance for the satisfaction of requirements, reviewing and determining the adequacy of required documentation.
Develop and update organizational SA&A requirements, document templates, procedures, and policies for cloud-based systems and applications.
Provide support for management and maintenance of assessment and authorization repositories.

Qualifications

Key Skills:
Understanding of architecting and securing applications in the cloud.
Strong familiarity with migrating applications to the cloud.
Strong familiarity with National Institute of Technology (NIST) Information Security Documents.
Experience executing the NIST Risk Management Framework (RMF).
Experience developing and promulgating Security Assessment Plans and POAMs
Experience interpreting and evaluating implementations of NIST 800-53 rev 4 security controls.
Experience in analysis of IA requirements, IA architecture design, IA audit tools and IA compliance for operational/mission systems.
Implementing Risk Management Framework (RMF) in high-risk network environment
Practices and methods of IT strategy, enterprise architecture and security architecture
Requirements:
Bachelor's Degree in Computer Science, Software Engineering, Systems Engineering, Information Systems or a related technical discipline with 5+ yrs. of related work experience ; an additional 4 years of work experience may be substituted in lieu of a degree
Excellent written and oral communication skills a must, with the ability to work independently or as a member of a team; must be comfortable working with personnel on all levels of an organization
Current DoD 8570 IAT III certification preferred or be able to obtain within 90 days of start date
Specialized Expertise:
RMF and ISCM related system assessment and monitoring tasks including general Federal agency FISMA and FedRAMP security assessment and compliance reporting requirements.
Familiarity with Ongoing Authorization/Continous Mitigation OA/CM
Other Applications:
ComplyVision/ACE or other C&A tool or workflow such as IACS/XACTA, eMASS etc
System Platforms:
Microsoft Windows
UNIX
Linux E
Primary Databases:
Microsoft SQL
Clearance Requirement: Selected candidate must a U.S. Citizen and be able to obtain and maintain required Department of Treasury background clearance. Individuals with a current or former... For full info follow application link.

Ishpi Information Technologies, Inc. is an Equal Opportunity and Affirmative Action Employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, disability, or status as a protected veteran.