Jobs · Information Technology · Maryland

Security Analyst / Information Systems Security Officer

Eliassen Group · Fort Meade, MD · 6 days ago
Information Technology$60–$70/hrContract

Responsibilities

  • Conduct continuous monitoring for assigned systems, including threat monitoring, access reviews, and vulnerability mitigation planning.
  • Support security operations center activities, system reviews, and incident investigations.
  • Maintain knowledge of security architecture and business purposes of systems.
  • Document and maintain applicable NIST 800-53 controls for responsible IT systems.
  • Update System Security Plans semi-annually and document changes.
  • Certify accuracy of continuous monitoring information for assigned systems.
  • Advisory on architecture and configuration changes through established change and configuration management.
  • Evaluate software prior to production to identify and communicate potential risk.
  • Support internal and external audits and corrective action execution.
  • Evaluate and advise on privileged access requests for IT systems.
  • Develop and deliver artifacts required for Ongoing Authorization and the NIST Cybersecurity Framework.
  • Attend weekly training and staff meetings to align with procedure updates.
  • Use government tooling including resourcing tools for on-site reviews, eMASS for control reviews, RTS for actions, PPSM database, Whitelist Tool, DITPR, and RMF Knowledge Service.
  • Conduct security architecture reviews for STIG compliance and best practices and document analysis for risk recommendations.
  • Develop customized checklists based on architecture, specialized equipment, accredited deployment guides, and UC APL guidance.
  • Analyze POA&Ms and mitigation plans to determine residual risk and document statements of residual risk.
  • Conduct risk assessments of threats, vulnerabilities, and mission impact to inform countermeasures and residual risk.

Requirements

  • At least 10 years performing or supporting ISSO responsibilities in a US Government environment.
  • At least 10 years working with NIST cybersecurity standards and best practices.
  • Demonstrated experience with FISMA, FedRAMP, and NIST Special Publications.
  • Hands-on experience with RMF, NIST 800-53 control implementation, continuous monitoring, and security assessment and authorization.
  • Proficiency with eMASS, PPSM, DITPR, Whitelist Tool, RTS, STIGs, and RMF Knowledge Service.
  • Experience conducting vulnerability assessments, POA&M analysis, risk assessments, and architecture reviews.
  • Experience supporting audits and generating authorization artifacts and evidence.
  • Ability to evaluate software risk and advise on change and configuration management processes.
  • Active Secret security clearance.
  • U.S. citizenship.

Qualifications

  • Bachelor's degree in computer science, information systems, or a related field.
  • CISSP certification.
  • CISM certification.
  • CompTIA Security+ certification.

Similar jobs