Information systems security analyst

Information Systems Security Analyst

Fully Remote

Job Type

Full-time

Description

Overview

Tanaq Support Services (TSS) delivers professional, scientific, and technical services and information technology (IT) solutions to federal agencies in the health, agriculture, technology, and other government services. TSS is a subsidiary of the St. George Tanaq Corporation, an Alaskan Native Corporation (ANC) committed to serving Federal customers while also giving back to the Tanaq native community and shareholders.

About the Role

We are seeking an Information Systems Security Analyst to work collaboratively with our federal government client to deliver security solutions to the government and their stakeholders. Candidate will collaborate with customer technical and non-technical leadership to create security solutions that meet customer needs and adhere to the customer's established performance and security standards. The Information Systems Security Analyst will provide IT Security support to client information systems and serve as an IT Security consultant and advisor to system stakeholders on matters related to regulatory compliance, security controls, threats, and vulnerabilities.

This is a fully remote position that can be based anywhere in the U.S.

Responsibilities

• Support and assist system security activities to ensure adherence to applicable, federal IT security policies and procedures

• Provide a full range of support for Security Assessment and Authorization (SA&A) activities

• Recommend creative technical solutions to security challenges that incorporate evolving security regulations, policies, and mandates into agency systems

• Advise, consult, and assist IT security personnel with evaluating, testing, and implementing technologies to augment the security of IT components such as user authentication and validation, data encryption, secure key storage, PKI key management, Smart Card integration, and mitigating identified system security vulnerabilities as they arise

• Work with senior-level system owners, mission leads, IT Governance, and the Information Systems Security Officer (ISSO) to ensure system compliance and protection activities of software development projects

• Work with program and technical teams to perform security analysis on technical solutions and provide security compliance and guidance input as required

• Assist system owners with identifying and utilizing relevant enterprise shared services and solutions to enable compliance and security activities

• Become a trusted security subject matter expert supporting various mission leaders and activities

• Facilitate table-top exercises

• Manage the SAA process for assigned systems including development of NIST compliant System Security Plans, Rules of Behavior, Continuity of Operations and Disaster Recovery Plans, Risk Assessments, Interconnection Security Agreements, Incident Response Plans, Data Sharing and Use Agreements, PIA, BSI, etc.

• Following formal approval, maintain system authorizations through proactive monitoring of system compliance, formal change management, corrective actions, and package updates

• Develop and maintain system risk assessments and, as/if needed, remediation and mitigation plans

• Perform technical IT system security/vulnerability assessments using provided tools - interpret results and manage remediation's as needed

• Support various other security-related activities including facilitation of change control processes and data call responses; management of encrypted / secure data storage devices; and the evaluation, justification, and management of software and third-party website approvals

• Develop and maintain a solid working knowledge of our federal government customer and federal security regulations, policies, laws, and requirements

• Evaluate systems for compliance with Federal security requirements and develop reports of findings and corrective action plans

• Conduct vulnerability scans and determine appropriate mitigations

• Perform security reviews and document findings and recommendations

Requirements

Required Skills and Experience

• Previous experience working at a federal government agency preferred

• Minimum of 2 years of experience as Information Systems Security Analyst

• Experience with industry standard security / vulnerability assessment tools

• Information security and compliance knowledge

• Strong understanding of Microsoft SharePoint architecture

• Security policy development and process implementation experience in public health Federal government agencies preferred

• Security policy development and process implementation experience in Federal agencies preferred

• Desire and ability to quickly obtain industry certifications if needed

• Demonstrated knowledge of computer operating systems and networks, component architectures, application development, and/or data management processes and technologies - the successful candidate must understand the fundamental technical components, processes, and interactions of enterprise-level information systems

• Demonstrated knowledge of fundamental information security concepts and processes such as risk assessment and mitigation strategies, security control techniques and technologies, assessment and evaluation methods, and user access control methodologies

• Excellent analytic skills - the successful candidate must be able to receive information, digest it, and apply standards and requirements to that information and to produce a clear and effective evaluation / assessment

• FedRAMP experience highly desired

• Demonstrated technical documentation capability

• Excellent communication skills - both written and verbal

• Demonstrated problem-solving capability

• Ability to effectively manage time, and prioritize and execute tasks in a high-pressure environment

• Must be able to work independently and within deadlines

• Ability to pass required Federal background screening / security check including basic and expanded investigations

• Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future

Education and Training

• Bachelor's degree in Computer Science, Information Systems Management, or a related field

• One or more industry certifications including CISSP, SANS GIAC Certifications, IAT Level I-III, or NSA's IAM/IEM preferred

Physical Requirements

• Prolonged periods of sitting at a desk and working on a computer. May need to lift up to 25 pounds occasionally.

Who We Are

Tanaq Support Services strives to deeply understand and analyze our clients' vision, needs, and requirements so we may provide alternative solutions, empowering them to choose the best resolution. We aim to achieve excellence by delivering on our commitments to our clients, employees, and partners.

Our Commitment to Non-Discrimination

Tanaq Support Services is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local law. Tanaq complies with the Drug-free Workplace Act of 1988 and E-Verify.

If you are an individual with a disability and need assistance completing any part of the application process, please email accommodation@tanaq.com to request a reasonable accommodation. This email is for accommodation requests only and cannot be used to inquire about the status of applications.

Notice on Candidate AI Usage

Tanaq is committed to ensuring a fair and competitive interview process for all candidates based on their experience, skills and education. To ensure the integrity of the interview process, the use of artificial intelligence (AI) tools to generate or assist with responses during phone, in person and virtual interviews is not allowed. However, candidates who require a reasonable accommodation that may involve AI are required to contact us prior to their interview at accommodation@tanaq.com.