Contract Security Analyst specializing in security operations and incident response for cloud security at Embark. Focus on alert handling, detection engineering, and data loss prevention.
About the role
- Journeyman Information Security Analyst providing expertise to federal clients in Security Controls Assessments and Risk Analyses. Responsibilities include technical assessments and recommendations for security improvements.
Responsibilities
- Execute the hands-on manual technical NIST SP 800-53 security control assessments including any overlays (e.g. high value asset, artificial intelligence, critical software, FedRAMP, etc.)
- Assess the impacts of new laws, regulations, policies, and guidance on client Security Assessment requirement initiatives and advise on recommended process changes. Additionally review current client policies, guidance, manuals, and supporting tools to recommend updates and improvements, and assist with the implementation of any new guidelines
- Recommend process improvements and automated approaches to support testing methodologies, establishing streamlined/agile approaches for Security Controls Assessments
- Maintain key assessment package templates to ensure compliance with current/emerging federal guidance and lessons learned
- Execute security controls assessments and provide training to ensure Government staff understand and can perform security control assessments
- Provide subject matter expertise to incorporate threat modeling & hunting into the security control assessment process, improving the Government’s ability to proactively identify and mitigate risks
- Identify, develop, and implement automation solutions that enhance the efficiency, accuracy, and timeliness of program operations. Evaluate current business processes, workflows, and system interactions to determine opportunities where automation—such as robotic process automation (RPA), workflow orchestration, data transformation tools, or other intelligent automation technologies—can reduce manual workload, eliminate redundancies, and improve mission outcomes
Requirements
- Must be a U.S. Citizen
- Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field
- Security+ CE certification required
- Higher-level certifications (e.g., CISSP, CISM, CEH, CAP) are highly preferred and may substituted for additional years of experience
- 5 to 8 years of progressively responsible experience in information security, cyber risk management, or IT security operations
- At least 3 years of hands-on experience in system security analysis, vulnerability management, or incident response within a Federal Information Systems Security or equivalent enterprise environment
- Excellent presentation and verbal communication skills
- Ability to create accurate written work products by following Job Aids and document templates
- Ability to work under pressure and tight timelines for multiple projects with positive attitude and flexibility
- Knowledge of FISMA, NIST Special Publications, OMB, Risk Management Framework (RMF), and ISCM Plan development.
- IT security knowledge with desired Professional Certifications from the International Information System Security Certification Consortium (ISC)2, the International Society for Automation (ISA), the Project Management Institute (PMI), CompTIA, or the SANS Institute
- Knowledge and experience with technology risk assessments covering Webservices, network appliances and software
- Knowledge and experience of the IRS Enterprise Lifecycle and OneSDLC
- Knowledge of System Interconnections to include virtual private network (VPN) and other encryption technologies
- Knowledge and experience with cloud systems, CSPs, and FedRAMP requirements
- Project management experience, experience in monitoring and overseeing multiple tasks concurrently
- Knowledge/experience with Qmulos Q-Compliance, SharePoint, scanning tools, ServiceNow GRC, SPLUNK is preferred
- Ability to pass a federal government background investigation; the investigation will involve a credit, fingerprint, and law enforcement agency check
Benefits
- Medical, Dental, and Vision insurance
- Retirement savings 401K plan provided by an industry leading provider with 3% employer contributions of the employee’s gross salary
- Paid Time Off and Standard Government Holidays
- Life Insurance, Short- and Long-Term disability benefits
- Training Benefits
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Cyber Security Analyst providing security operations support for USAF Cloud One project. Engaging in incident response and cybersecurity compliance activities within a hybrid environment.
Cybersecurity Analyst responsible for monitoring, analyzing, and responding to security incidents in SOC. Developing detection rules and conducting threat - hunting campaigns within a hybrid work setup.
Information Security Analyst working with Optasia to enforce security controls and protect data. Collaborating on technical projects and auditing systems in a hybrid work environment.
Cyber Security Analyst investigating and responding to security events at A+E Global Media. Collaborating cross - functionally to improve detection and response processes.
Information Security Analyst handling security monitoring and incident response tasks for educational technology company. Collaborating with IT teams to enhance security measures and compliance.
Security Specialist providing comprehensive security support to USAFE - AFAFRICA operations. Drafting policies, conducting assessments, and collaborating with military leadership for force protection.
Senior Asset Security Analyst responsible for governance and security of assets at Afya. Ensuring protection of people and information while mitigating risks and complying with regulations.
Security Analyst (IAM) focusing on IAM design and governance for Whirr Crew's infrastructure. Enhancing security protocols and collaborating with various technical teams.
Cyber Security Analyst providing technical information security support at IntelePeer. Focus on Microsoft Defender administration and security compliance operations.