Hybrid Position (Local to MD): Security Analyst - Assessment and Authorization

Client is seeking an information security analyst who will be a key member of a consulting team providing advice, support, and reporting to federal agencies, in Assessment and Authorization for Information Systems. This role will be primarily responsible for interfacing with and reporting to federal government personnel responsible for Information Technology systems inside the client network boundary.

Key Responsibilities

• Responsible for the ATO packages and Assessments in the client’s Cyber Security Program (CSP).
• Ensures client’s information security policies, standards, and guidelines are in compliance by the individual systems Owners. 
• Ensures that NIH Information Security policies, standards, and guidelines are compliant within the client’s enclave.

• Assists the client in developing the documentation for the security audits of their developed systems.
• Performs security audits of the client systems.
• Assists the NIH Contracting Officers and Program Managers staff along with the external contractors in developing the documentation for the security audits of the contracted systems.

Basic Qualifications

• Excellent teamwork skills
• Able to speak effectively with senior government officials and in group settings
• GCIA, GCIH, GCFE, CISSP, Security +, Network +, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred

• Must have minimum of 5-year auditor experience under Risk Management Framework
• Minimum bachelor’s degree in Information Security, Computer Science, or 8 years’ experience in an IT-related field. Exceptional candidates with proven years of experience in security.
• Ability to work at the client’s site in Rockville, MD with limited telework/remote work options

Strong knowledge of the following

• ATO Security Package Analysis
• Understanding of POA&M, Government Waiver policies, Disaster Recovery, and Incident Response Plans
• Preferred experience with CSAM/JCAM