Security Analyst- Hybrid

Security Analyst

The Security Analyst's primary duty is to manage security documentation across different environments, with a focus on Cloud tenants and IRS customers. Responsibilities may entail creating security documentation, utilizing RegScale, aiding in IRS, FedRAMP, SOC, or FISMA authorization/assessment processes, preparing the operations team, and updating documentation as necessary. This role involves acting as a mid-level security analyst, supporting documentation efforts, offering insights into processes and procedures, and implementing security controls.

This position will be a hybrid model. The candidate will need to come into their Reston, VA office once a week.

What You Will Be Doing:

• Collect data, architecture diagrams, and oversee the implementation of security controls by collaborating with security engineering, operations, and build teams.
• Create security documentation, including System Security Plans (SSP), security plans, procedures, and processes.
• Regularly review and update all security documentation to ensure accuracy and relevance.
• Interpret and communicate the objectives of IRS, FedRAMP, FISMA, and other applicable security controls.
• Assist in the authorization processes for FedRAMP, FISMA, PCI, ISO, SOC, etc., by providing support such as training and mock interviews for the operations team, updating documentation as needed, and fulfilling requests from FedRAMP PMO, agencies, or CISOs.

Required Skills & Experience:

• Bachelor's Degree in Computer Science / MIS / Information Technology, or equivalent experience in Information Security, Information Technology, or related technical discipline
• Minimum 7 years Information Technology experience.
• Proficiency in Cloud technologies, particularly AWS, Azure, and/or Google Cloud, is advantageous.
• Familiarity with FedRAMP and/or other authorization processes and the NIST risk management framework is preferred.
• Experience in crafting, assessing, and implementing information security architectures, technologies, standards, and practices to safeguard applications and IT systems is desirable.
• Skilled in developing security documentation such as SSPs, policies, and procedures.
• Demonstrated flexibility, self-motivation, and ability to thrive in a dynamic work environment.
• Strong communication skills and a track record of effectively collaborating with IT and business management across various levels.
• Understanding of Testing, Development, Staging, and pre-production environments requiring cybersecurity support.
• Knowledge of privacy regulations such as the Privacy Act, GDPR, and other data privacy frameworks.
• Experience in composing or executing system security documentation, authorization to operate packages, POA&Ms, and policies.

Desired Skills & Experience:

• Professional industry certifications in area of expertise.
• Knowledge of Best Practice and security guides (ex. NIST 800-53 rev 4, NIST 800-53, FedRAMP)
• Knowledge of security frameworks to include RMF, ISO, HIPAA, FedRAMP and HIPAA
• ISC CISSP or ISACA CISM or equivalent certification

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn't provide sponsorship.