Information Security Analyst (Federal)
- Posted: over a month ago
Tevora is looking for an exceptional, technical Security Analyst to join our growing team. The right candidate will have a balanced mix of business delivery and security posturing expertise. In this position, you will be responsible for assessing compliance criteria on a wide variety of client projects, providing thought leadership to the overall practice through meaningful client work and participate in community involvement (white papers, presentation, etc.).
Tevora is a specialized management consultancy focused on cyber security, risk, and compliance services. From our offices in California, Virginia, and New York, we service some of the world's leading companies, institutions, and governments to ensure the safety of their information and their compliance with applicable regulations.
We take a long-term outlook and proactive approach to help clients develop and implement strategies that keep their organizations compliant and their brands safe.
· Participating in IT, information security compliance assessments, audits, gap analyses, and remediation.
· Actively contributing to projects in the areas of FISMA, FedRAMP, DFARS, CMMC and NYS DFS 500.
· Communicating with project stakeholders to effectively convey requirements of technical and process improvements.
· Assisting in the development of customized policies, procedures, controls, disaster recovery plans and technical documentation for applications, systems, and infrastructure.
· Possess a working knowledge of IT security and various frameworks (i.e. NIST 800-30, NIST 800-37, NIST 800-53, NIST 800-171, etc.).
The ideal candidate will have experience with:
· Knowledge of and experience with audits and attestations.
· Knowledge of security architecture, infrastructure, network, and systems design.
· Basic knowledge of common IT and security concepts including: cloud environments, firewall management (installation, configuration, and maintenance), server management, SIEM, IDS/IPS, web proxies, access control, and authentication.
· Security policy frameworks and control design.
· Understanding policy exceptions, identifying compensating controls, and remediation action plans.
Abilities The successful consultant will:
· Connect easily with clients and colleagues to communicate effectively across business and technical boundaries to offer palatable recommendations as a subject matter expert.
· Work independently without detailed guidance.
· Be proficient in writing executive-level reports and technical documentation.
· Independently research a technical topic and develop logical testing approaches to validate 800-53 control implementations
· Assist team members with proper artifact collection and detail to client's examples of artifacts that will satisfy assessment requirements
· Read and interpret all control families
· Read and interpret firewall rulesets and network/boundary/data flow diagrams
· Demonstrate strong personal initiative to appropriately manage time and meet deadlines
· High attention to detail
· Strong technical researcher
Education and Experience
· At least one Security, Risk or IT certification CISA, CISSP, CSSLP, CISSO, CFR, Cloud+, GICSP, SCYBER, CCNA Security, CCNA Cyber Ops, CySA+, GCIH, GSNA, GCIA or equivalent.
· Bachelor's Degree from an accredited 4 year university
· Minimum 2 years of experience in the information security, or enterprise risk and compliance field.
· Valid driver's license as driving will be required in this role
· Eligible to work in the United States
Comprehensive Health, Vision, and Dental Insurance
Tevora is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
Job Posted by ApplicantPro
TechnologyView all jobs at Tevora