Cyber Security Analyst

Overview

Soft Tech Consulting is seeking a highly motivated, self-directed individual to fill the role of a Cyber Security Analyst . This is an exciting opportunity to work with a team responsible for IT Security Risk and Compliance by providing direct support to the Information System Security Officer (ISSO). The Cyber Security Analyst will support the IT Security management with technical review, technical solution proposal, and planning in the areas of security controls, risk assessment, issue analysis, and response development and execution.

REQUIRES TOP SECRET CLEARANCE

ONSITE - WASHINGTON, DC

SOME REMOTE WORK POSSIBLE

Responsibilities

• Perform root cause analysis of audit findings.
• Develop requirements for security control remediation activities.
• Review audit closure requests and status reports for security control accuracy and completeness.
• Develop plans to address gaps in the General Support System’s security posture.
• Develop security recommendations following NIST 800-53 rev.5 guidance and security best practices.
• Support the development of security solutions.
• Formulate, create, and track security Plans of Action and Milestones (POA&Ms).
• Coordinate with platform teams to maintain currency of the system’s technical description and control implementation statements
• Perform a security impact analysis for each proposed change to the system’s configuration.
• Review and update security artifacts and process/procedure documents.
• Interpret security principles and requirements for technical teams.
• Collaborate with ISSOs of other FISMA systems to ensure continued compliance with security control inheritance conditions.
• Monitor remediation of system vulnerabilities discovered by scanning tools.
• Develop and maintain Splunk reports, dashboards, and alerts.

Qualifications

• Bachelor's Degree in Computer Science or equivalent
• At least two (2) years working as or supporting, an ISSO or ISSM.
• Experience with information security engineering practices and NIST security controls.
• Demonstrated experience with implementation of NIST Risk Management Framework.
• Broad understanding of security protections typical in enterprise environments, including security hardening, firewalls, and boundary/endpoint best practices.
• Basic understanding of server, workstation, network, and database architecture.
• Familiarity with cloud service providers such as AWS and best practices.
• Familiarity with Splunk, Symantec Endpoint Protection, Tenable Security Center, IBM BigFix and IDS/IPS tools, and Sonarqube.
• Knowledge of security policy/manuals, and other guiding policy documents.
• Strong interpersonal, presentation, and communication skills (verbal and written).
• Fluent with Microsoft Office products (Word, PowerPoint, Excel, Project, Visio).
• Experience with AWS Security
• Experience with Application Security
• Experience with Application Security Assessments
• Experience with Cloud Security Risk Management
• Experience with Cyber Security Governance
• Must be able to work independently, with minimal oversight.
• Able to develop strong client relationships.
• Excellent verbal and written skills
• Detail oriented.