IT Security Analyst
- Posted: over a month ago
- Benefits: 401k, dental, life insurance, medical, vision
Banner Quality Management Inc. (BQMI) is a highly respected woman-owned, 8(a)-certified small business that provides Information Technology (IT), safety, multimedia, training and project management services to the Federal government and other valued customers. Our continued growth offers many new opportunities for skilled and motivated contributors.
Our Professional Administrative Computational and Engineering V (PACE V) contract provides a wide range of IT services to NASA Glenn Research Center (GRC) and throughout the Agency.
This position will assist in the management of IT Security System Security Plans for NASA LaRC. The guidance for conducting the assessments/audits is provided by the Federal Information Security Act (FISMA) of 2002 and the National Institute of Standards (NIST). This position serves as the point of contact for system owners providing information technology security guidance protecting NASA data. Incumbents will perform other duties and assessments as required.
Essential Duties & Responsibilities:
This position will assist in the management of IT Security System Security Plans for NASA LaRC.
This position serves as the point of contact for system owners providing information technology security guidance protecting NASA data.
Perform NIST Risk Management Framework (RMF) lifecycle Assessment and Accreditation activities for all associated project System Security Plans.
Perform and review technical security assessments of computing environments to identify points of vulnerability, non-compliance with established standards and regulations, and recommend mitigation strategies.
Develop and maintain processes and procedures to identify, track and mitigate system vulnerabilities.
Provide regular reporting on patch management program and overall operational status of patch compliance.
Perform analysis, identify and implement protection solutions, and prepare and maintain security related documentation, processes, and procedures.
Provide leadership, guidance, and recommendations to peers for security control implementation and documentation.
Perform risk assessments, determine impact, and recommend/implement remediation solutions.
Perform security impact analyses for changes to the information system
Perform Ongoing Authorization and Continuous Monitoring activities.
Propose Plan of Actions and Milestones (POA&M) and Risk-Based Decisions (RBD).
Provide security assessment findings and recommendations to the Information System
Know and adhere to Company policies, procedures and work rules and demonstrate a strong work ethic
Maintain regular and acceptable attendance level as determined by the Company and your manager.
Responsible for completing all assigned training
Responsible for understanding and implementing the FISMA Act of 2002.
Responsible for performing IT Security assessments using the NIST guidance.
Responsible for providing weekly and monthly reporting metrics based upon the implemented project plan for conducting security assessments.
Responsible for providing NASA LaRC risk status and posture on an ongoing basis.
Responsible for reducing, mitigating and eliminating risk to the LaRC enterprise.
Responsible for using the LaRC software tools to manage the LaRC System Security
Provide consulting to LaRC managers, supervisors and LaRC workforce relating to security and privacy controls, NASA and LaRC security policies and procedures, processes and standards.
Provide consulting to LaRC managers, supervisors and LaRC workforce based on NIST guidance, policies and procedures.
Responsible for continuous improvement of the IT security metrics by identifying new metrics, methodologies and methods of reporting.
Provide security presentations periodically.
Develop, lead and conduct security workflow.
Responsible for leading reviews of security policies and standards.
Responsible for performing security assessments/audits and risk assessments on systems managing NASA data.
Responsible for conducting Contingency Plan reviews and business impact assessments.
Solid knowledge of Cybersecurity processes and best practices
Understanding of IT Security Plans and planning
Working knowledge of FISMA and NIST requirements and standards
This position prefers a Bachelor’s degree, preferably in computer science or a related field in IT security. The degree should be from an accredited college with a minimum of three (3) years of experience. Candidates with Bachelor’s degrees in other fields will be considered depending on relative work experience and years in the field.
Candidates must have experience in IT security assessments and audits of IT security controls.
CISSP or GIAC and CAP certification preferred.
Experience with security audits/assessments
Demonstrate technology leadership
Word, Excel, PowerPoint, VISIO
Understanding of basic Project Management Methodology
Personality or self-management skills:
Proactivity, flexibility and solid verbal and written communication skills.
Ability to have an open mind and balance your confidence with the willingness to change
Ability to compromise and take direction from others.
To apply please submit a current resume and cover letter to:
Banner Quality Management Inc. at: firstname.lastname@example.org
BQMI is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Due to contract requirements, U.S. citizenship is required to obtain access to government facilities and systems.
Banner Quality Management Inc
Why Work Here?
We are a small company that has a people-first culture that emphasizes personal & professional growth. Competitive benefits & 401(k) match.
BQMI is an employee-oriented, stable and dynamic small business.