Senior Security Analyst Job at Shedd RS, Camp Springs, MD

  • Shedd RS
  • Camp Springs, MD

Job Description

We are looking for a Senior Security Analyst to join our client’s team supporting their government customer. This position requires on-site support 1 day/week (Tuesday or Thursday) at the federal client’s HQ located in Camp Springs, MD.

This is a direct hire position with our client with an anticipated salary range of $115-130k.

The successful candidate will assist the customer with ensuring that all aspects of the Risk Management / Continuous Monitoring Program are operating as intended and make process improvement recommendations to drive efficiencies within the organization. The individual will act as a liaison between various groups within the customer organization, including but not limited to the Security Control Assessment Team (SCA), the Risk Management and Internal Controls (RMIC) Group, and the System Development & Maintenance Team, as well as other groups within the Information Security Division.

Responsibilities Include:
  • Using automated tools, identify presence and use of any unapproved technology components in the common operating environment to ensure compliance with the client’s enterprise architecture and applicable reference models.
  • Work closely with the client’s Audit Team to identify areas for process improvement.
  • Understand and incorporate lessons learned from internal and external audits across the enterprise’s portfolio of IT systems by working closely with the client’s Audit Team.
  • Validate results of control testing conducted by Information System Security Officers (ISSO) in support of annual self-assessment requirements for IT systems within the required testing frequencies as part of the Continuous Monitoring Program.
  • Review artifacts submitted as evidence of control testing results as a part of the self-assessment testing conducted by the ISSOs to validate reported test results.
  • Review, validate, and track false positives and known deviations in scan results reported by the ISSOs to provide assurance that IT system operation meets specified security control implementation requirements as specified in the NIST SP 800-53 and supporting DHS guidance.
  • Review documentation submitted in support of requesting a waiver for compliance with specified security requirements per the NIST SP 800-53 and provide recommendations to client for approval and acceptance of associated risk.
  • Review and assess system changes to determine the level of independent security assessment required in support of the Security Impact Analysis process for the enterprise portfolio of systems.
  • Coordinate with the SCA team on testing of common controls, the client’s RMIC Group for A-123 and external assessments, as well as the schedule for testing applications due to major changes.
  • Perform quality assurance reviews of security documentation as needed to ensure content meets the intended requirements and is suitable to determine the security posture and associated risk of an IT system.
  • Participate in process improvement initiatives to mature the client’s internal business processes in areas including, but not limited to, vulnerability remediation, patch remediation efforts, STIG compliance, and standard OS images.
  • Develop and maintain documentation relating to internal security processes and procedures, including related training materials.
  • Develop briefings and presentations for Government PM and Executive Management.
  • Gather data in support of Data Calls and develop a written summary describing the results.
  • Perform other duties as assigned by the Government.
  • Ability to work efficiently and effectively in a dynamic and fast-paced environment.
  • Determine the clearest and most logical way to present information and instructions for greatest reader comprehension and write and edit technical information accordingly.
  • Meet with SMEs to ensure that specialized topics are appropriately addressed and discussed.

Required Skills, Qualifications and Experience:
  • Must be a US Citizen with suitable eligibility for Public Trust position.
  • Bachelor’s degree in information technology or related field.
  • Minimum of 5 years of experience evaluating IT systems using NIST SP 800-53 in the federal government.
  • Must reside within a commutable distance to Camp Springs, MD in order to work a hybrid onsite schedule of 1 day/week (Tuesdays or Thursdays).
  • Previous experience using one or more of the following tools: tenable.io, Nexus IQ Server, Splunk Enterprise v7.3 and higher, DoJ CSAM, JIRA/Confluence, CloudCheckr, PrismaCloud.
  • Working knowledge of the NIST SP 800-37 Risk Management Framework.
  • In-depth knowledge of the NIST SP 800-53 and direct experience applying the NIST SP 800-53 to document and evaluate IT system compliance with specified control requirements.
  • Previous experience as an IT Project Manager and/or possess the necessary IT background to accurately assess system changes and categorize them as a major versus minor change.
  • Demonstrates the ability to assess overall risk to an IT system and the data it stores, processes, or transmits, based on the type of IT system changes being implemented.
  • Ability to work independently and possess a solid understanding of cyber security concepts.
  • Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
  • Ability to clearly communicate complex technical concepts to Information Technology Project Managers, Database Administrators, Application Developers, and Security Compliance Analysts, as well as non-technical POCs such as Branch Chiefs and Business System Owners.
  • Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and/or Federal Leads.
  • Ability to adapt to an Agile environment and provide quality, professional deliverables in a short timeframe with little to no guidance from the Government.
  • Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client.
  • Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints.
  • Possess strong analytical and critical thinking skills with the ability to apply them to the client/contract workspace.
  • Must have previous client-engagement experience.

Desired Skills, Qualifications, and Experience:
  • Previous experience supporting Department of Homeland Security federal clients preferred.
  • CISSP preferred, but not required.
  • Other security-related certification(s) such as CISA, CISM, and/or similar preferred, but not required.
  • May be asked to lead a team of up to 3 Security Analysts in coordinating workload, identifying dependencies, escalating risks, etc.

Job Tags

Contract work, For contractors, 1 day per week
