The Security Analyst supports the performance of tasks associated with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). This individual supports the preparation of system and security documentation in accordance with Federal Information Security Modernization Act (FISMA) requirements throughout the various stages of the RMF. The Security Analyst works in a team environment and performs assigned tasks with minimal supervision and support. The Security Analyst works closely with system stakeholders to document system information, consult on system/authorization boundary topics, and ensure that applicable security controls are identified and documented appropriately. In addition, the Security Analyst provides support during the assessments of systems to which he/she is assigned by assisting with the tracking and gathering of evidentiary artifacts. After authorization of the system, the Security Analyst supports continuous monitoring by assisting with the scheduling of monitoring activities, maintaining system component inventories, tracking Plan of Action and Milestones (POA&M) entries, and performing user account compliance reviews.
Preferred Qualifications (Not all of these are mandatory but are considered a plus):