Intermediate System Security / Information Assurance Analyst

Intermediate System Security / Information Assurance Analyst - REMOTE

Prefer candidates from DC metro area

Qualifications and Special Knowledge Requirements

• Bachelor s degree and four (4) years of relevant experience.
• Bachelor s degree must be in Computer Science, Cybersecurity, Engineering, Information Systems, Mathematics, Technology, or other IT degree, engineering, math, and/or science.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified Authorization Professional (CAP), Security+, Information Technology (IT) certification, or equivalent certification.
• Personnel may obtain the required certification within a period not to exceed one (1) year, where applicable.

Duties and Responsibilities

• Assess, develop, and implement security policies and procedures to align with frameworks such as NIST RMF, FedRAMP, FISMA, ISO 27001, and DoD STIGs.
• Conduct security risk assessments and gap analyses to identify vulnerabilities in systems and networks.
• Ensure compliance with federal regulations, industry standards, and organizational security policies.
• Assist in the preparation of System Security Plans (SSPs), Security Control Assessments (SCAs), and Authority to Operate (ATO) packages.
• Perform Plan of Action & Milestones (POA&M) management, tracking remediation efforts for security findings.
• Monitor security logs, alerts, and events using SIEM tools (e.g., Splunk, ArcSight, etc.) to detect, investigate, and mitigate cyber threats.
• Respond to security incidents, vulnerabilities, and breaches, conducting forensic analysis and impact assessments.
• Develop and refine incident response plans (IRPs) and participate in cybersecurity exercises and drills.
• Configure and manage security controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security, and encryption solutions.
• Support the implementation of Zero Trust Architecture (ZTA) and Identity & Access Management (IAM) controls.
• Perform patch management and vulnerability remediation for IT assets, ensuring compliance with security benchmarks (DISA STIGs, CIS Benchmarks, SCAP).
• Develop and maintain security documentation, policies, and procedures for system accreditation.
• Conduct security awareness training for employees and stakeholders.
• Support audit and certification processes, working with internal and external security assessors.
• Review secure software development lifecycle (SDLC) practices, ensuring applications meet security best practices.
• Assist in securing cloud-based environments (AWS, Azure, Google Cloud) through security controls like CASB, CSPM, and cloud encryption.
• Conduct security reviews for third-party applications and vendors to mitigate supply chain risks. Knowledge, Skills, and Abilities
• Proficient in analysis activities and capable of applying theoretical body of knowledge, including the ability to apply a variety of standard and advanced analytical techniques and tools.
• Assessing risk impact and security control effectiveness in real-world scenarios.
• Making data-driven decisions to improve security posture while balancing operational requirements.
• Ability to analyze security threats, correlate logs, and identify vulnerabilities in systems and networks.
• Troubleshooting security issues across multi-layered architectures.
• Ability to make decisions in accordance with established policies, guidelines and standards.
• Working with cross-functional teams, executives, and auditors to implement security best practices.
• Training employees on security awareness and compliance programs.
• Staying updated with emerging threats, security technologies, and regulatory changes.
• Ability to quickly adapt security strategies to evolving IT environments and threats.
• Writing security reports, compliance documentation (SSPs, POA&Ms), and security policies.
• Communicating security risks effectively to both technical and non-technical stakeholders
• Strong organizational skills with the ability to multi-task, manage time effectively, and handle tight deadlines.
• Highly responsive to requested needs.
• Proficient in analysis activities and capable of applying theoretical body of knowledge, including the ability to apply a variety of standard and advanced analytical techniques and tools.
• Extensive knowledge of business issues and processes as well as IT and Security resources and enabling technologies.
• Skilled in the use of advanced analysis, facilitation and consultative techniques and tools and the ability to apply them in multiple settings of significant complexity.
• Excellent oral and written communication skills including the ability to effectively consult with stakeholders on a diverse range of IT activities.
• Ability to work with confidential and proprietary information using utmost discretion

Disclaimer: i-Link Solutions Inc. provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. We especially invite women, minorities, veterans, and individuals with disabilities to apply. EEO/AA/M/F/Vet/Disability.