Application Security Analyst

See job description
Full Time
Depends On Experience
Telecommuting not available Travel not required

Job Description

Job Description:

 

 

This position supports the General Services Administration (GSA) CAMEO program. The Karsun team is responsible for the development, maintenance, and enhancement (DM&E) and operation of selected GSA Federal Acquisition IT Systems. All employees must be able to pass a Federal Suitability Check for a position of public trust. The GSA CAMEO program supports the operations of multiple business applications, as well as development of new applications across different technologies. The Karsun software development team is responsible for the software design and implementation of web applications supporting multiple Business Lines within GSA. Successful candidates are modern web development specialists experienced in translating business requirements into software architecture. In addition to strong software development skills, ideal candidates have demonstrated experience in working on an Agile Scrum team. Position location is in Herndon, VA.

 

 

Responsibilites:

Develop secure coding guidelines and best practice documentation for custom developed applications as well as ensuring the guidelines are followed. Collaborate with development teams to ensure secure coding best practices are followed. Identify tools and automate rules into DevSecOps pipelines to ensure coding practices are followed and vulnerabilities & risks are identified early. Works with developers, management, and staff to identify and implement security plans for applications in accordance with FISMA, NIST-SP800-53 and DISA STIG. Interpret operating system, database, and web application vulnerability scan reports. Collaborate with development teams to guide remediation of software vulnerabilities. Work with client's ISSM and ISSOs to support Information Assurance and audit activities. Track and manage existing and future vulnerabilities through the system Plan of Action and Milestones (POA&M). Remediating issues identified in PoAMs as specified by security policy. Write and update security documentation (System Security Plans, Contingency Plans, Business Impact Analysis, Privacy Impact Assessments, etc.).

Additionally, provide continuous monitoring support, maintaining and monitoring controls within the system security plan. Support security assessment, Payment Card Industry (PCI) Data Security Standards (DSS) and other Audit activities such as annual FISMA self-assessments. Ensure compliance with the GSA IT Security Policy CIO P 2100.1H, IT Security Procedural Guide Managing Enterprise Risk (CIO-IT Security-06-30 revision 7, IT Procedural Guide Security Language for IT Acquisition Efforts CIO-IT Security-09-48 revision 1. Perform Privacy Impact Assessments (PIA) and maintain PCI DSS as appropriate. In support of audits, providing evidentiary artifacts and responding to inquiries/questions from auditors. Assist application teams in migrating security controls to cloud (AWS, Azure, GCP, etc.)

 

 

Required Skills:

  • Extensive knowledge of NIST Publications (800-53, etc.), FISMA, PCI-DSS
  • Great oral and written communication skills
  • Strong Cloud security best practices
  • Security documentation writing experience: System Security Plan (SSP), Contingency Plans (CP), Plan of Action and Milestones (POA&M), Acceptance of Risk (AOR), Business Process Document (BPD), etc.

Desired Skills:

  • Knowledge of GSA policies and procedures
  • ISSO role experience in a production environment supporting application teams and CI/CD pipeline
  • Strong SDLC understanding

Qualifications (Education/Experience)

  • Minimum Education: B.S. Computer Science or Information security degree
  • Minimum 5 years experience of ISSO role experience in a production environment supporting application development teams
  • Security related certifications (CISSP, CISM, CISA)

For more information on this or any other position,

Karsun Solutions is an Equal Employment Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Dice Id : RTX15a3f1
Position Id : 105861541
Have a Job? Post it