Security Analyst

Woodlawn, MD
Location: Woodlawn, MD – Currently remote
 
FosterThomas, a Mid-Atlantic Staffing and Recruiting Firm, is leading the search for a Security Analyst for our Client located in Woodlawn, MD (remote).
 
Our client is an information technology company helping businesses and government agencies modernize and thrive by applying the power of technology. They began making a mark in the federal healthcare space in 2004, where they continue to actively modernize systems to improve healthcare’s value for millions of Americans. Since then, their work has expanded across various sectors and industries, where they help their customers stay ahead of the new and make the world in which we live better.
 
Responsibilities:
The Security Analyst is an individual with assigned responsibility for maintaining the appropriate operational security posture for a federal information system or program.  This individual would require hands-on experience evaluating, designing, documenting, implementing, operating, testing, and monitoring security and privacy controls that support the information system security and privacy program.
  • Work with developers to refine security checkpoints in the SDLC and make sure information security risks are managed throughout all the phases of the SDLC.
  • Use automated tools to perform source code security analyses to identify vulnerabilities and attack vectors in web applications.
  • Provide FedRAMP requirements and guidance.
  • Provide Federal Information Security Management Act (FISMA) support and subject matter expertise.
  • Independently develop a variety of C&A deliverables including: System Security Plans, E-Authentication Risk Analysis, Privacy Impact Assessments, Annual Assessments, Contingency Plans, Incident Response Plans, and FIPS 199 Security Categorizations, etc.
  • Develop and maintain Plans of Action and Milestones corrective actions for audit findings.
  • Recommend system architecture solutions based on industry best practices and knowledge of Federal and organizational security guidelines.
  • Perform periodic internal audits, vulnerability assessments, and Web Application testing.
  • Maintain current knowledge of relevant technology as assigned.
  • Participate in special projects as required.
 
Qualifications:
  • Work with developers to support secure coding practices, explain application-related security findings and how to reproduce them, and make sure information security risks are managed throughout all the phases of the SDLC.
  • Use automated tools to perform static source code and dynamic security testing to identify vulnerabilities and attack vectors in web applications.
  • Complete a Security Impact Analysis as part of each sprint within an agile development organization.
  • Support, implement, maintain, and monitor security and privacy controls in compliance with FISMA, HIPAA, FedRAMP, and NIST RMF requirements and guidance.
  • Plan, document, implement, assess, maintain, and monitor security and privacy controls in accordance with requirements, policies, standards, processes, and procedures documented in the CMS BPSSM, ARS 3.1, TRA, and RMH.
  • Independently develop a variety of security authorization package-related deliverables including: System Security Plans, Information Security Risk Assessment, Privacy Impact Assessments, Contingency Plans, Incident Response Plans, and other security and privacy plans, processes, and procedures.
  • Support audits, assessments, and penetration test-related documentation requests and vulnerability remediation efforts.
  • Document and maintain a Plan of Action and Milestones (POA&M) for weaknesses identified in security tests and/or audits.
  • Recommend system architecture solutions based on industry best practices and knowledge of Federal and organizational security guidelines.
  • Perform periodic internal audits, vulnerability assessments, and Web Application security testing.
  • Maintain current knowledge of relevant security and privacy trends and technology.
  • Participate in special projects as required.
 Preferred
  • Hands-on experience with implementing, documenting, maintaining, and monitoring CMS Acceptable Risk Safeguards control requirements.
  • Experience in implementing and enforcing policies, procedures and guidelines in a complex environment.
  • Experience assisting with the implementation of an automated CI/CD DevSecOps pipeline.
  • Experience driving ATOs including the privacy controls specified in NIST SP 800-53 rev 4 Appendix J.
  • Experience in the development, implementation and operation of IT Security Strategy within a complex environment.
  • Knowledge and experience with security best practices and relevant legislation.
  • Experience with IT Security management, access policy and management, authentication and SSO, authorization, audit, secure communications and network protection, data protection and privacy, and security administration.
  • Understanding of, and ability to communicate, security and risk implications to technical and non-technical audiences.
  • Experience working as part of an agile scrum team, assisting with security-related tasks and deliverables associated with bi-weekly sprints.
 Technical
  • Experience using vulnerability scanners such as Nessus, OpenVAS, Retina or Nexpose.
  • Experience running static analysis/static application security testing tools such as SonarQube, Fortify or Veracode.
  • Experience running dynamic application security testing tools such as WebInspect, AppSpider, Acunetix, AppScan, Qualys, Burp Suite Pro or OWASP ZAP.
  • Experience running component analysis tools such as Sonatype Nexus IQ, Synopsys Black Duck, OWASP Dependency-Check/Track.
  • Experience with GRC tools, such as CSAM, CFACTS, TAF, or Xacta.
  • Proficient in Microsoft Office (Word, Excel, PowerPoint, etc.) and Visio.
  • Ability to leverage Microsoft Project for project planning.
Residency Requirement
  • Must have lived in the United States at least 3 out of the last 5 years.
 Interpersonal Skills
  • Excellent interpersonal, verbal and written communication, and organizational skills - must be able to communicate fluently in English both verbally and in writing.
  • Facts and data oriented.
  • Deadline and closure oriented.
  • Strong persuasion, facilitation and influencing skills.
  • Self-driven.
  • Strong analytical, organizational and project management skills.
  • Demonstrated ability to lead and work with cross functional teams including senior level individuals.
  • Must be able to thrive in a fast-paced, rapidly evolving environment with varying priorities, based on a team building culture.
 
 
