Information Technology Security Analyst

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from Connexions Federal Services

IT Security Analyst

Location: Herndon, VA

Duration: 12 Months

Summary: The Security Analyst (SA) will work as a member of the client cyber team. The SA will assist with creating, updating, and maintaining FedRAMP security documentation, artifacts, and Continuous Monitoring (CONMON) requirements such as the Plan of Action and Milestones (POAM). They will also assist the Cloud Operations team with identifying and correcting vulnerabilities. Additionally, the SA provides advisement on regulatory, government, and Cloud / FedRAMP policies, including risk assessments, business impact analysis, system categorization, security authorization, and accreditation activities (A&A). They will also handle security control inheritance and other artifacts to validate client control compliance.

Required Skills

• Understand and document information system specifications and security controls, including diagrams and data flow diagrams.
• Advise stakeholders on multiple courses of action amidst changing policies, e.g., NIST RMF and DISA SRG.
• Document and recommend risk mitigation strategies in accordance with FedRAMP, SAP NS2 policies, and best practices, including benefits and drawbacks.
• Apply enterprise security frameworks such as FISMA and NIST SP 800 to cloud initiatives.
• Develop and update policies for FedRAMP compliance, NIST 800-171, and other DFAR clauses.
• Understand enterprise environments, security posture, and controls.
• Familiarity with current FedRAMP, DoD, and NIST security controls and vulnerability management tools.
• Assess Cloud System status, vulnerabilities, RMF package, compliance, and patching mechanisms.

Required Experience

• Knowledge and ability to analyze systems for Cybersecurity compliance.
• Ability to work in fast-paced, team-oriented environments.
• Experience with security scanning tools like NESSUS, Splunk, etc.
• Knowledge of Federal and DoD policies, risk assessment methodologies, including FedRAMP.
• Experience in writing or executing security documentation, authorization packages, POA&Ms, and policies.
• Strong technical writing and editing skills.
• Excellent presentation and public speaking skills.
• Knowledge of DISA STIGs, SRGs, CNSSI instructions, and NIST RMF.
• Understanding of systems and networking technologies.
• Ability to interpret network diagrams using Visio.
• Experience supporting cybersecurity in testing, staging, and pre-production environments.
• Knowledge of Privacy Act.

Mid-Senior level

Contract

Information Technology and Consulting

IT Services, IT Consulting, and Information Services

Referrals increase your chances of interviewing at Connexions Federal Services by 2x.