SOS International LLC Sr. Computer Security Analyst in Washington, District Of Columbia
Sr. Computer Security Analyst
Washington, District of Columbia
Job ID: 2018-1017
Senior Computer Security Analyst
Location: Washington, DC
Clearance: Public Trust (Customer specific)
This position is located in Washington, DC. You must be a US citizen in order to obtain the security clearance. The ideal candidate will be responsible for assessing information risk and facilitates remediation of identified IT security and IT risk across the enterprise. Performs assessments of the IT security/risk posture within the IT network, systems and software applications, in addition to assessments within the different systems. Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios. Facilitates and monitors performance of risk remediation tasks, changes related to risk mitigation & reports on findings. Maintains oversight of IT and continuous monitoring for security maintenance of their systems and applications. Provides weekly project status reports, including outstanding issues. The Senior Security Analyst will assist in all IT audits and IT risk assessments. This position will help with a dynamic role requiring leadership and coordination with multiple IT teams. This environment supports over 1,100 users and over 7,000 assets located in multiple locations in the Washington, DC area; as well as offices in New York, NY; Chicago, IL; and Kansas City, MO.
Key responsibilities including but not limited to:
Coordinate, plan, schedule, and execute initiatives for the complete support and management of the IT security posture for the Federal client
Establish and maintain a CFTC Configuration Management program following Security Configuration Management (SecCM) Plan, Identify and Implement, Control Configuration Changes, and Monitor for compliance lifecycle management
Monitor security threats to baseline configurations (workstations, laptops, servers, network appliances, mobile devices, etc.)
Perform security impact assessments for each submitted requested approved change control record
Support the development of tailored security configuration bases.
Work with the Security Team to gain acceptance and approval of all security controls.
Management of IT security and IT risk (e.g., data systems, network and /or web across the enterprise)
Develop and revise policies, procedures and standards that meet existing and newly developed policy and regulatory requirements based on federal requirements and standards.
Promote awareness of applicable regulatory standards, upstream risks and industry best practices across the agency.
Work with the agencies system owners to establish gap analysis for agency systems based on the determined FIPS-199 system level.
Participate in the Configuration/Change Control Board (CCB) for review and recommendations for Configuration baseline vulnerability identification and remediation before and after implemented changes.
Support activities for the NIST Risk Management Framework (RMF) and Continuous Diagnostic and Mitigation
Act as the lead security adviser for the change control board
Assist in researching, evaluating, and developing relevant Information security policies and guidance.
Minimum of 7 years of technical experience (Computer system design, integration, application development, and computer security)
Bachelors of Science Degree (or equivalent experience)
Must be a US Citizen
Knowledge of technical infrastructure, networks, databases, and systems in relation to IT Security and IT Risk.
Experience in conducting IT compliance assessments
Experience in IT security controls for NIST 800-53 (lastest version)
Technical experience with Security Operations Tools (such as Symantec (SEP/DLP), Solar Winds, ForeScout, AccelOpps, FortiSIEM, Cisco Sourcefire, Stealthwatch, IronPort, MIMESweeper, ProofPoint, TrendMicro, Enterprise Email Gateway, etc.)
- Customer specific Public Trust with ability to obtain a higher clearance level if required.
Possess broad working knowledge of Incident Response activities.
Possess broad working knowledge of Configuration Management, Configuration Items, Configuration Baselines, CMDB management.
Possess knowledge of Risk Management Framework (RMF) for continuous monitoring
Possess broad knowledge of network architecture, asset and configuration management tools, baseline images and compliance folders.
Possess strong technical skills and analytic abilities, as well as experience performing network security analysis and risk management as it relates to the configuration.
Possess ability to perform complex technical tasks in pursuit of overall goals with minimal direction, limited access to systems, and resource restrictions.
Possess excellent written and professional oral communications skills to develop and present compliance reporting and security recommendations.
Possess the ability to translate an understanding of systems and applications into security baselines scan plans and perform hands on security scanning.
Demonstrated ability to analyze scan results and suggest mitigations for security problems.
Possess a broad knowledge of Information Security policies and guidance, as well as the ability to assist in researching, and evaluating.
The employment policy of STG, Inc. is to provide equal employment opportunity for all qualified employees and applicants without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status and to ensure affirmative action is taken in fulfillment of this policy.