Security Analyst, Sr


Job ID 18-00301

Industry Computer/IT

Job Type Contract

Location Austin, TX

Description

LABOR CATEGORY DESCRIPTION:
A Security Analyst has experience in the concepts, terms, processes, policy and implementation of information security. Must have experience and knowledge of the latest security measures at all stages of an information system life cycle. Must have the ability to solve complex problems involving a wide variety of information systems. Must be able to understand and differentiate between critical and non-critical systems and networks
 

JOB DESCRIPTION/RESPONSIBILITIES:
Provide 24x7x365 support as required to the Information Assurance Service Line which provides support for Assessment and Authorization (A&A) processes and Continuous Monitoring for 300+ Minor and Major applications serving ITOPS IO datacenters as well as expanding Major application support for Other Government Agencies. Technically, all 300+ A&As are continuously ongoing year around and are part of continuous monitoring.
Contractor shall ensure the Contractor-provided analysts maintain subject matter expertise level of a Certified Authorization Professional (CAP®). on related criteria and guidance such as Federal Information Systems Management Act (FISMA)n, NIST Special Pubs, OMB Memorandum, Privacy Act, HIPAA, applicable VA directives and handbooks IAW 2.0, and local directives and handbooks.
 

1. Experience using governance risk and compliance tools. Research and gather data relevant to the development of security artifacts through multiple techniques such as interview or the use of automated tools and data repositories (e.g. CA SDM, Agiliance Risk Vision Governance Risk and Compliance tool, SharePoint, Vulnerability Management Database)
2. Develop and maintain A&A security artifacts and supporting documentation that meets all applicable FISMA, NIST, VA and ITOPS IO criteria to include:
a. System Security Plan
b. Contingency Plan
c. Risk Assessments
d. Privacy Impact Assessment
e. Privacy Threshold Analysis
f. Incident response plan
g. Configuration Management Plan
h. Security Configurations Checklists
i. Interconnection Security Agreements
j. Self-Assessment
k. Security Impact Analysis
3. Act as the customer liaison for A&A processes and related requirements providing timely, courteous and informative Customer Service
4. Coordinate and monitor the progress of vulnerability scanning and compliance testing from NSOC and ITOPS IO Technical Security
5. Monitor changes to the application such as key stakeholders, hardware, software, hosting environment using provided tools such as CA Service Desk Manager. Monitor flaw remediation using tools such as Nessus Enterprise Web Tool (NEWT).
6. Analyze and recommend to COR/ITOPS IO VA PM(s) information assurance policy guidance to disseminate to both internal and external customers. Any IA policy guidance changes shall be approved by the COR/VA PM prior to any dissemination.
7. Assess security controls for annual FISMA self-assessment testing through interviewing stakeholders, documentation review, analyzing scan results, and reviewing other audits/reviews for applicable findings.
8. Provide status updates as requested to COR/VA PM(s).
9. Act as liaison to the customer to provide audit support for both internal and external audits and reviews.
10. Review and respond to audit provided by customer requests through COR/VA PM(s).
11. Periodically perform user-acceptance testing of the tools and features within the Agiliance Governance Risk and Compliance (GRC) tool utilized for A&A processes.
12. Perform user-acceptance testing of Standard Operating Procedures and Job Aid materials that are used internally by the Information Assurance Service Line staff.
 

DUTIES:
Developing and updating A&A security artifacts such as security plans, contingency plans, risk assessments, privacy impact assessments, incident response plans, configuration management plans, configurations checklists, and interconnection security agreements. This business also includes continuous monitoring, self-assessment testing, and audit and compliance support.



Qualifications

BASIC QUALIFICATIONS:
Steady employment with no lapses between jobs
Experience with governance risk and compliance tools
NIST 800-53 experience
FISMA compliant Assessment and Authorization experience
Certification and Accreditation experience
Knowledge of emerging trends in IT, and how they relate to IT security (cloud computing, mobile computing, virtualization, PCI and SOC compliance)
Advanced knowledge of SIED, FIN, DLP, IDS/IPS, firewall and anti-virus/malware solutions
Advanced knowledge of information security principles and practices: security risk assessment standards, risk assessments methodologies, and vulnerability assessment
Experience implementing policies, procedures and practices to meet PCI requirements
Risk Management Framework experience
CISSP or CAP certified
Self-motivated and assertive
Ability to set priorities and adapt to changes in a quick, professional manner
Excellent oral and written communication skills with internal and external stakeholders at every level
Organizational skills which enable tracking and meeting multiple concurrent long and short term project milestones
Ability to interact with internal and external stakeholders at every level
Ability to use discretion when handling confidential information
Strong analytical, reasoning and problem solving skills
 

REQUIRED SKILLS:
Candidate must have the ability to solve complex problems involving a wide variety of information systems.
Candidate must be able to understand and differentiate between critical and non-critical systems and networks.

MINIMUM EDUCATION/MINIMUM EXPERIENCE REQUIRED:
Position requires a Master's Degree in computer science, electronics engineering or other engineering or technical discipline plus 5 years of experience. 10 years of additional relevant experience may be substituted for education.