Cybersecurity Analyst - Hybrid -Local to GA only

Interview Type: Skype *** Very long term project; expect to go for 4+ years ***w2 or 1099 or c2c *** ***Hybrid*** Only local to GA resource .

Description:

The Georgia Department of Human Services, Office of Information Technology, is seeking a qualified candidate for the temporary contractor staffing position of Cybersecurity Analyst as part of the Information Security Team.

*REQUIRED CERTIFICATIONS MUST BE UPLOADED*

The Office of Information Technology is the office within DHS that provides computing, applications management, IT procurement, network and telecommunications services to all DHS divisions and offices.

Responsibilities

• Proven experience in cybersecurity operations with hands-on expertise in monitoring and managing multiple security tools, including vulnerability scanning platforms such as Tenable (Nessus, Tenable.sc, or Tenable.io).
• Continuously monitor security tools and systems (e.g., SIEM, IDS/IPS, CrowdStrike EDR, DLP, Tenable vulnerability scanners) to detect, investigate, and respond to potential threats in real time.
• Maintain and oversee the CrowdStrike platform, ensuring proper configuration, alert triage, threat hunting, and endpoint coverage across the organization.
• Analyze data/information from one or multiple sources to conduct preparation of the environment, respond to requests for information, and submit intelligence collection and production requirements in support of planning and operations.
• Interact at multiple levels of the organization to establish and maintain a strong and adaptive security posture that aligns with organizational risk tolerance, information access requirements, business strategies, and compliance requirements.
• Integrate overarching security frameworks across multiple, complex disciplines in support of the business needs of the Agency to provide customer-focused technology solutions in a secure, cost-effective, and efficient manner.
• Strong knowledge of system administration, including configuration, hardening, patch management, and monitoring of Windows and Linux servers
• Coordinate and oversee the production of evidence to support internal and external audits.

Conduct internal risk, vulnerability, and compliance assessments to:

• Identify risks, vulnerabilities, and compliance shortcomings; and recommend/develop security measures, policies, and controls for risk/vulnerability mitigation and remediation of compliance findings.
• Prepare and/or update incident response plans and perform incident response activities as directed and in accordance with established Agency procedures and guidelines and those of the Georgia Technology Authority (GTA).
• Ensure periodic monitoring of audit logs occurs in accordance with requirements, and report findings and concerns for further analysis and/or action, including breach notification and initiation of incident response, in accordance with Agency protocols/procedures and CISO direction/guidance.
• Work with developers to plan, implement, manage, and coordinate appropriate security measures for information systems/applications that control access to data, and prevent unauthorized modification, destruction, or disclosure of information in accordance with federal, state, local, and agency requirements, policies, and directives.
• Prepare and/or update Plan of Actions & Milestones (POA&M) that identify security weaknesses and establish milestones and compensating controls for remediating these weaknesses and tracking the progress and effectiveness of the remediation.
• Serve as a Subject Matter Expert (SME), advising on current best practice and strategies for the protection, auditing, and monitoring of data, data storage, and transmission paths.
• Work with business owners, IT managers, staff, and vendors to provide timely and efficient coordination of information assurance/security services to meet Agency needs.
• Prepare and communicate status of Agency information security programs and projects to senior executives through oral and written reports and presentations.
• Assist with information security awareness training activities and preparation of awareness training materials.
• Develop and communicate security metrics to assess effectiveness of, and compliance with, the Agency s InfoSec policies and controls.
• Performs other professional responsibilities as assigned.

Qualifications:

Bachelor's degree in information technology, computer science, information assurance, or a related field from an accredited college or university AND Five years of information technology experience, One year of which in information security or information assurance. Note: An equivalent combination of education and job specific experience that provided the knowledge, experience and competencies required to successfully perform the job at the level listed may be substituted on a year-over-year basis.

Desired Skills/Qualifications:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Demonstrated professional experience developing and communicating an information security strategy and aligning projects, initiatives, and resources to execute against the strategy.

Required Skills

• 5+Years Demonstrate knowledge of network, operating system, database and application security .
• 3+Years Knowledge of current and emerging (Next Gen) Information Security Technologies and Practices
• 5+Years Proven experience with NIST 800-53 and/or CMS MARS-E/ARC-AMPE
• 5+Years Experience in Cloud-based solutions and environments
• 5+Years System administration experience with Linux and Windows
• 5+Years Information security or Information assurance experience

Desired Skills

• Experience implementing and complying with Federal and State Laws 2 Years
• Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA) (MUST UPLOAD CERTIFICATION)