This role serves as a hands-on mid-level security analyst who will be responsible for interfacing with the engineering team, gathering the security control implementation information for the technical controls, and documenting their implementation in the SSP. Additionally, this role will assist with security assessments and continuous monitoring evidence.
The Security Analyst will be responsible for developing the PaaS/SaaS security documentation and assisting with the FedRAMP or FISMA authorization processes, including preparing the operations team and summarizing and updating documentation as required. This role serves as a mid-level security analyst who evaluates the control implementation and can provide thoughtful recommendations. This role must communicate daily between the security, engineering, development and operations teams, and be able to interpret and document the results of data gathering. Key deliverables for success will be complete SSP(s) that accurately depict the PaaS or SaaS environment, and assurance that all FedRAMP / FISMA security controls are successfully implemented and the associated security documentation is developed and implemented. After authorization, a monthly status of the security posture will be maintained and updated via a POAM.
- Gather information, architecture diagrams and implementation of the security controls through interfacing with the security engineering team
- Develop security documentation such as, but not limited to, SSP, security plans, procedures, and processes
- Understand the intent of the FedRAMP moderate security controls and FISMA security controls, and communicate as needed
- Assist with the FedRAMP or FISMA authorization to include, but not limited to, prep of operations team through training and mock interviews, update documentation as required, and support FedRAMP PMO/ Agency / CISO requests
- Maintain and update a monthly Plan of Actions and Milestones (POAM) as appropriate
- Bachelor's degree in Computer Science / MIS / Information Technology, or equivalent experience in Information Security, Information Technology, or related technical discipline
- Minimum 7 years Information Technology experience
- Experience with Cloud technologies, especially AWS and Azure, desirable
- Experience with FedRAMP and/or other authorization processes and NIST risk management framework
- Experience in developing, evaluating, and implementing information security architectures, technologies, standards, and practices to secure applications and IT systems, desirable
- Experience in development of security documentation such as SSP, policies, procedures, etc.
- Flexible, self-motivated, and able to work independently in a fast-paced environment
- Excellent communication skills and the proven ability to work effectively with all levels of IT and business management.
- Skill in preparing and making written and oral presentations of a complex technical nature.
- Demonstrated ability to coordinate multiple tasks
- U.S. Citizen
SPECIFIC TECHNICAL SKILLS DESIRED:
- Professional industry certifications in area of expertise.
- Knowledge of best practices and security guides (e.g., NIST 800-53 rev 4, NIST 800-53, FedRAMP)
- ISC CISSP or ISACA CISM or equivalent certification
- Health Care Plan (Medical, Dental & Vision)
- Retirement Plan (401k, IRA)
- Life Insurance (Basic, Voluntary & AD&D)
- Paid Time Off (Vacation, Sick & Public Holidays)
- Family Leave (Maternity, Paternity)
- Short Term & Long Term Disability