Security Analyst / Information Systems Security Officer
Eliassen Group · Fort Meade, MD · 6 days ago
Information Technology$60–$70/hrContract
Responsibilities
- Conduct continuous monitoring for assigned systems, including threat monitoring, access reviews, and vulnerability mitigation planning.
- Support security operations center activities, system reviews, and incident investigations.
- Maintain knowledge of security architecture and business purposes of systems.
- Document and maintain applicable NIST 800-53 controls for responsible IT systems.
- Update System Security Plans semi-annually and document changes.
- Certify accuracy of continuous monitoring information for assigned systems.
- Advisory on architecture and configuration changes through established change and configuration management.
- Evaluate software prior to production to identify and communicate potential risk.
- Support internal and external audits and corrective action execution.
- Evaluate and advise on privileged access requests for IT systems.
- Develop and deliver artifacts required for Ongoing Authorization and the NIST Cybersecurity Framework.
- Attend weekly training and staff meetings to align with procedure updates.
- Use government tooling including resourcing tools for on-site reviews, eMASS for control reviews, RTS for actions, PPSM database, Whitelist Tool, DITPR, and RMF Knowledge Service.
- Conduct security architecture reviews for STIG compliance and best practices and document analysis for risk recommendations.
- Develop customized checklists based on architecture, specialized equipment, accredited deployment guides, and UC APL guidance.
- Analyze POA&Ms and mitigation plans to determine residual risk and document statements of residual risk.
- Conduct risk assessments of threats, vulnerabilities, and mission impact to inform countermeasures and residual risk.
Requirements
- At least 10 years performing or supporting ISSO responsibilities in a US Government environment.
- At least 10 years working with NIST cybersecurity standards and best practices.
- Demonstrated experience with FISMA, FedRAMP, and NIST Special Publications.
- Hands-on experience with RMF, NIST 800-53 control implementation, continuous monitoring, and security assessment and authorization.
- Proficiency with eMASS, PPSM, DITPR, Whitelist Tool, RTS, STIGs, and RMF Knowledge Service.
- Experience conducting vulnerability assessments, POA&M analysis, risk assessments, and architecture reviews.
- Experience supporting audits and generating authorization artifacts and evidence.
- Ability to evaluate software risk and advise on change and configuration management processes.
- Active Secret security clearance.
- U.S. citizenship.
Qualifications
- Bachelor's degree in computer science, information systems, or a related field.
- CISSP certification.
- CISM certification.
- CompTIA Security+ certification.