Junior Information Security Analyst assisting federal clients at OCT Consulting with NIST security assessments and risk analyses. Responsible for executing hands-on security control assessments and recommending process improvements.
Responsibilities
Execute the hands-on manual technical NIST SP 800-53 security control assessments including any overlays (e.g. high value asset, artificial intelligence, critical software, FedRAMP, etc.)
Assess the impacts of new laws, regulations, policies, and guidance on client Security Assessment requirement initiatives and advise on recommended process changes. Additionally review current client policies, guidance, manuals, and supporting tools to recommend updates and improvements, and assist with the implementation of any new guidelines
Recommend process improvements and automated approaches to support testing methodologies, establishing streamlined/agile approaches for Security Controls Assessments
Maintain key assessment package templates to ensure compliance with current/emerging federal guidance and lessons learned
Execute security controls assessments and provide training to ensure Government staff understand and can perform security control assessments
Provide subject matter expertise to incorporate threat modeling and hunting into the security control assessment process, improving the Government’s ability to proactively identify and mitigate risks
Identify, develop, and implement automation solutions that enhance the efficiency, accuracy, and timeliness of program operations. Evaluate current business processes, workflows, and system interactions to determine opportunities where automation—such as robotic process automation (RPA), workflow orchestration, data transformation tools, or other intelligent automation technologies—can reduce manual workload, eliminate redundancies, and improve mission outcomes
Requirements
Must be a U.S. Citizen
Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related technical field
An associate degree plus 2 additional years of hands-on experience may substitute for a bachelor’s degree
1 to 3 years of relevant professional experience in information security, cyber risk management, network defense, or IT system administration with a security focus. Experience may include internships, co-op positions, or hands-on cybersecurity training programs that demonstrate applied understanding of security principles.
CompTIA Security+ CE certification (or equivalent) required
Network+, CEH, or CAP certifications preferred
Excellent presentation and verbal communication skills
Ability to create accurate written work products by following Job Aids and document templates
Ability to work under pressure and tight timelines for multiple projects with positive attitude and flexibility
Knowledge of FISMA, NIST Special Publications, OMB, Risk Management Framework (RMF), and ISCM Plan development.
IT security knowledge with desired Professional Certifications from the International Information System Security Certification Consortium (ISC)2, the International Society for Automation (ISA), the Project Management Institute (PMI), CompTIA, or the SANS Institute
Knowledge and experience with technology risk assessments covering Webservices, network appliances and software
Knowledge and experience of the IRS Enterprise Lifecycle and OneSDLC
Knowledge of System Interconnections to include virtual private network (VPN) and other encryption technologies
Knowledge and experience with cloud systems, CSPs, and FedRAMP requirements
Project management experience, experience in monitoring and overseeing multiple tasks concurrently
Knowledge/experience with Qmulos Q-Compliance, SharePoint, scanning tools, ServiceNow GRC, SPLUNK is preferred
Ability to pass a federal government background investigation; the investigation will involve a credit, fingerprint, and law enforcement agency check
Benefits
Medical, Dental, and Vision insurance
Retirement savings 401K plan provided by an industry leading provider with 3% employer contributions of the employee’s gross salary
Paid Time Off and Standard Government Holidays
Life Insurance, Short- and Long-Term disability benefits
Cybersecurity Analyst at CRG Solutions responsible for monitoring threats and managing vulnerabilities across the organization. Identifying risks and continuously improving the security posture.
Compliance & Information Security Analyst at beqom managing GRC and TPRM functions. Overseeing client governance, risk, and compliance requests, and vendor due diligence at a SaaS company.
Senior Technical Expert in Cyber Defense Center at ZEISS analyzing global cyber threats. Collaborating with SOC, CIRT, and ensuring proactive defense strategies.
Information Security Analyst focusing on vulnerability research and data analysis at Flexera. Involves analyzing, verifying vulnerabilities, and maintaining high-quality content standards.
Oversee the testing lifecycle and provide cyber security solutions at Xcel Energy. Engage in various testing techniques and collaborate with teams to enhance quality practices.
Security Analyst II role at Deepwatch focusing on incident handling and cybersecurity analysis. Working with a team to improve security posture and customer experience in a hybrid environment.
Information Security Analyst II at West Bend handling security projects and collaboration with IT teams. Supporting security incidents and enhancing organizational information security policies.
Product Security Analyst establishing risk management across CHG Healthcare's multi-brand portfolio. Leading data classification initiatives and reporting on security risks.
Cybersecurity Analyst at Northrop Grumman leading systems accreditation and mentoring junior analysts. Involves development and implementation of Risk Management Framework and information assurance activities.