POSTION Requisition # 0128
THIS POSITION IS REMOTE
BSI Solutions, Inc. is seeking a Security Analyst, Sr. to support a Department of Veterans Affairs (VA) Task Order. The chosen candidate will be part of a team providing Enterprise Security Architecture (ESA) technical support services that accommodate VA’s scope, size and complexity, including enterprise architecture, emerging technologies, networks, mobile, in specialized areas like healthcare, specialized medical devices, cybersecurity, IT Modernization, and large scale architecture. We are seeking specialized technical and security expertise of new technologies that VA is introducing, including merging of Electronic Health Records (EHR), cloud computing, Application Programming Interfaces (APIs), specialized networks (i.e., software and security perimeter and defined networks) Internet of Things (IoT), analytic ecosystems, and medical devices. The Candidate should have demonstrated expertise in IT; communications; systems architecture; engineering, and integration; along with the ability to apply this expertise across a broad portfolio of IT systems, software, and infrastructure solutions.
The Security Analyst, Sr. will effectively leverage detailed knowledge and familiarity with security discipline with a strong focus on conforming to an Enterprise level architectural framework. The Security Analyst, Sr. should have thorough knowledge of the principal threat models and techniques used in Federal Information Technology systems. Candidates should be familiar with NIST Cybersecurity Framework (CSF), NIST Special Publication 800-154, Guide to Data-Centric System Threat Modeling, STRIDE, DREAD, OCTAVE, MITRE ATT&CK, Lockheed Martin Kill-Chain, .GOVCar, and other frameworks, tools and concepts related to threat modeling and analysis. The candidate should be able to apply security principles, concepts, policy and regulations and be able to pinpoint risks in security systems and work with technical experts to remediate security issues. The Security Analyst, Sr. will identify key concepts, factors and risks, based on various methods of research and customer interactions, and will document these in clear and concise narrative or graphical representations. This is a remote position that can be performed anywhere in the U.S.
Must have experience in the following areas;
· Security architecture frameworks
· Cybersecurity framework
· DODAF and/or TOGAF
List daily duties and/or specific job responsibilities.
· Assist in planning and strategies for incident management, cybersecurity vulnerability assessment, continuous monitoring, configuration management, change management, risk assessments, system impact assessments, identity and access management (IAM).
· Support development of Enterprise Security Architecture artifacts based on the ESA Roadmap.
· Develop, review, and assess system level architectures for security flaws or gaps.
· Support adoption of the ESA roadmap by crafting standards, guidelines, and design patterns that follow the ESA mission and various security frameworks (e.g., CSF, CGS, SABSA).
· Adapt enterprise threat models and techniques to specific technologies, including but not limited to medical devices, sensors, IT systems, industrial controls, Artificial Intelligence and Machine Learning, Blockchain technologies, DevSecOps and public and private cloud.
· Interface with key stakeholders within the various product and Security teams.