Intermediate Information Security Analyst

Overview

On Site
Hybrid
BASED ON EXPERIENCE
Full Time
Contract - W2
Contract - Independent

Skills

INFORMATION SECURITY ANALYST
INFOSEC
NIST
800-53
RISK MANAGEMENT FRAMEWORK
RMF
SECURITY CONTROL
RL-5
PA-2
XACTA
CISSP
COMPTIA
CISM
ISC2
SECURITY DOCUMENTS
CONTROL FRAMEWORKS
IMPLEMENTATION METHODOLOGIES
VULNERABILITY TEST TYPES
GRC TOOL
EMASS
CSAM
XACTA
CFACTS

Job Details

DSA is hiring an Intermediate Information Security Analyst. This is a full-time position supporting a customer in the DC Metro area. This position supports the Environmental Protection Agency (EPA). DSA is the Prime and has been working with this customer on this contract for more than 13 years. It is a dynamic team with a passion for supporting Federal programs that serve s.

Location is Hybrid: Allows the candidate the ability to work onsite at DSA or customer site with potential for telework. DSA work locations include Aberdeen, MD, Fairfax, VA and Trevose, PA.

Work Location is flexible with telework as approved. The ability to work onsite each week is required. Core work hours dedicated to DSA and our direct customer are 8 am est to 5 pm est.

The Environmental Protection Agency (EPA) Office of Information Security and Privacy (OISP) is responsible for developing and maintaining agency wide information security and privacy programs; developing and maintaining information security and privacy policies, procedures, and control techniques; training personnel with significant information security responsibilities and assisting senior agency officials with information security and privacy responsibilities.

The Intermediate Information Security Analyst will be an integral part of a team responsible for supporting the development and maturation of an Agency-wide information security (InfoSec) program for a large civilian Federal agency. The candidate will serve as a subject matter expert with regards to the Risk Management Framework (RMF) and all associated information security policies and procedures and should possess in-depth knowledge of applying, selecting and testing the NIST family of security controls.

Primary Responsibilities:

  • Advising stakeholders on InfoSec initiatives including compliance, awareness and training, and security operations.
  • Leading Independent Validation and Verification (IV&V) efforts on security authorization/ATO packages to ensure compliance to agency requirements.
  • Leveraging the existing Governance, Risk, and Compliance (GRC) tool, Telos Xacta (or an alternate like CSAM or RSA Archer), to track and reconcile findings from assessments, audits, and vulnerability scans.
  • Coordinating government data calls (FISMA, FMFIA, BDR, etc.) and monthly reports.
  • Assessing the effectiveness of the InfoSec and privacy training program and leading the collection, analyzing, and presentation of enterprise-level InfoSec performance metrics.
  • Managing InfoSec Program POA&Ms, including advising on remediation efforts.
  • Providing administrative support to Xacta (or equivalent GRC tool) users and authoring operational procedures.
  • Working closely with senior agency security officials, system owners, information system security officers (ISSOs) and other stakeholders to advise and implement security solutions.
  • Identifying opportunities for efficiencies in work process and innovative approaches.
  • Participating in team problem solving efforts and offer ideas to solve client issues.
  • Preparing and assisting in the development of policy and procedures.
  • Conducting relevant research, data analysis, and developing reports.
  • Preparing and assisting in the development of policy and procedures for program-level management and promoting consistency in program management best practices.
  • Implementing processes and procedures to monitor risk across programs / projects.
  • Preparing briefings to executive team to debrief the results of studies, analyses, and plans.

Required Qualifications:
  • Bachelor's degree in Information Technology or related field and 5 years of relevant IA experience. May substitute security certification (e.g. CISSP) for 2 years of experience.
  • Strong data analysis skills.
  • Excellent written and verbal communication skills.
  • Possess in-depth knowledge of applying, selecting and testing the NIST 800-53 Rev 4 security controls.
  • Possess in-depth knowledge of NIST 800-37 Risk Management Framework.
  • Experience with a Governance, Risk and Compliance tool (e.g., Xacta, RSA Archer, CSAM or eMASS).
  • Excellent attention to detail.
  • Ability to handle and prioritize multiple tasks and deadlines.
  • Possible travel to DC Client site/DSA office for badging/equipment.

Desired Qualifications:
  • Intermediate level cybersecurity certification (e.g., CompTIA Security+, ISC2 CGRC).
  • In-depth knowledge of applying, selecting and testing the NIST 800-53 Rev 5 security controls.


DSA specializes in providing cutting-edge data analysis and technology solutions to our government customers. With a team of highly skilled colleagues and the latest tools and technologies at our disposal, DSA is committed to helping our customers achieve their goals and stay in front of technology trends. As a member of our team, you will have the opportunity to work on a wide range of projects and collaborate with some of the brightest minds in the cleared industry. From data modeling and analysis to software development and implementation, you will have the chance to make a real impact on our clients' businesses and help them succeed in today's data-driven world. We offer competitive salaries, comprehensive benefits packages, and a supportive and collaborative work environment that encourages creativity and innovation. So, if you're ready to take your career to the next level and join a dynamic and growing company, you should apply!

Many of DSA's positions require the ability to obtain a security clearance. In addition, applicants who accept a conditional offer of employment may be subject to government security investigation(s) and must meet eligibility requirements for access to classified information. DSA is proud to be an Affirmative Action/Equal Opportunity Employer. DSA is committed to treating all employees and applicants for employment with respect and dignity and maintaining a workplace that is free from unlawful discrimination. All applicants will be considered for employment without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender (including pregnancy, childbirth, breastfeeding, or other related medical conditions), gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, characteristic or membership in any other group protected by federal, state, or local laws. DSA requires background checks, where permitted , by law. DSA is an E-Verify Employer.

Many of DSA's positions require the ability to obtain a security clearance. In addition, applicants who accept a conditional offer of employment may be subject to government security investigation(s) and must meet eligibility requirements for access to classified information. DSA is proud to be an Affirmative Action/Equal Opportunity Employer. DSA is committed to treating all employees and applicants for employment with respect and dignity and maintaining a workplace that is free from unlawful discrimination. All applicants will be considered for employment without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender (including pregnancy, childbirth, breastfeeding, or other related medical conditions), gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, characteristic or membership in any other group protected by federal, state, or local laws. DSA requires background checks, where permitted , by law. DSA is an E-Verify Employer.

#LI-AH1

About Data Systems Analysts Inc. (DSA)