Index Analytics, LLC, is a rapidly growing, Baltimore-based small business providing health-related consulting services to the federal government. At the center of our company culture is a commitment to instilling a dynamic and employee-friendly place to work. We place a priority on promoting a supportive and collegial team environment and enhancing staff experience through career development and educational opportunities.
The Information Security Systems Analyst (InfoSec SA) performs cybersecurity-related tasks designed to safeguard the security of systems and information assets by protecting against unauthorized access, modification, or destruction.
The InfoSec SA demonstrates expertise in various systems administration concepts, practices, and procedures. They rely on extensive experience and judgment to plan and accomplish goals. They perform a variety of complex tasks, and a wide degree of creativity and latitude is expected. They lead and direct the work of others, typically reporting to department management or executive. They may provide consultation on complex projects and be a top-level contributor/specialist in the department. They must be an expert at problem-solving, identifying risk, and communicating results and recommendations to department management.
The InfoSec SA will:
Manage information systems security including disaster recovery, database protection, and software development
Perform technical support focused on developing, operating, managing, and enforcing security capabilities for systems and networks
Analyze information security systems and applications, then recommend and develop effective security measures
Identify, report, and resolve security violations
Evaluate IT infrastructure in terms of risk to the organization and establish controls to mitigate loss
Determine and recommend improvements in current risk management controls and system changes or upgrades
Work with end users to determine needs, implement policies or procedures, and track compliance through the organization
Establish, plan, and administer the information security function's overall policies, goals, and procedures
Implement network security policies and procedures to ensure network (LAN/WAN, telecommunications, and voice) security and protect against unauthorized access, modification, or destruction
Responsibilities
Aid project teams in compiling documentation for Security Compliance Audit/Adaptive Capability Testing (SCA/ACT), Security Impact Analysis (SIA), and Authority to Operate (ATO) prior to project implementation and support the recurring and ongoing security requirements.
Work with Federal Agency and contract-supported Information System Security Officers (ISSOs) to monitor and track the progress of remediations to security findings.
Work with developers to support secure coding practices, explain application-related security findings and how to avoid reproducing them, and ensure information security risks are managed throughout all the phases of the software development lifecycle (SDLC).
Use automated tools to perform static source code and dynamic security testing to identify vulnerabilities and attack vectors in web applications.
Provide support for contract-supported programs, federal agencies, federally owned systems, or enclaves' information assurance programs.
Provide support for proposing, coordinating, implementing, and enforcing information security policies, standards, and methodologies.
Perform vulnerability/risk assessment analyses to support certification and accreditation.
Provide configuration management (CM) for information system security software, hardware, and firmware.
Manage changes to the system and assess the security impact of those changes.
Prepare and review documentation to include Systems Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs).
Support security authorization activities in compliance with the U.S. Department of Health & Human Services (HHS) for the Centers for Medicaid and Medicare Services (CMS) and the Food and Drug Administration (FDA).
Complete a Security Impact Analysis as part of each sprint within an agile development organization.
Support, implement, maintain, and monitor security and privacy controls in compliance with Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), Federal Risk and Authorization Management Program (FedRAMP), National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) requirements and guidance; knowledge of Cybersecurity Maturity Model Certification (CMMC) requirements is a plus.
Plan, document, implement, assess, maintain, and monitor security and privacy controls per requirements, policies, standards, processes, and procedures documented in the CMS BPSSM, ARS 3.1 and 5.0, TRA, and RMH.
Support audits, assessments, penetration test-related documentation requests, and vulnerability remediation efforts.
Document and maintain a Plan of Action and Milestones (POA&M) for weaknesses identified in security tests and audits.
Recommend system architecture solutions based on industry best practices and knowledge of federal and organizational security guidelines.
Perform periodic internal audits, vulnerability assessments, and web application security testing.
Maintain current knowledge of relevant security and privacy trends and technology.
Knowledge of Symantec Endpoint Security cloud is a plus.
Qualifications
Required
Hands-on experience with implementing, documenting, maintaining, and monitoring NIST, HIPAA, and FedRAMP control requirements
Experience in implementing and enforcing policies, procedures, and guidelines in a complex environment
Experience driving ATOs, including the privacy controls specified in NIST SP 800-53 rev 4 Appendix J
A good understanding of and ability to communicate security and risk implications to technical and non-technical audiences
Knowledge and experience with security best practices and relevant legislation
Excellent interpersonal, verbal, and written communication and organizational skills; must be able to communicate fluently in English both verbally and in writing
Ability to meet deadlines successfully
Strong analytical, organizational, and project management skills
Ability to thrive in a fast-paced, rapidly evolving environment with varying priorities based on a team-building culture
Preferred
3–5 years supporting security initiatives at HHS or other government agencies (CMS preferred), or related experience in security compliance using the NIST Risk Management Framework
Working knowledge of DevSecOps principles (such as CI/CD, test automation, etc.), process automation, and tools
Experience evaluating DevSecOps tools such as AWS CI/CD, NewRelic, Splunk, Git, CloudBees Jenkins, Docker/OpenShift, SonarQube/Fortify/Nessus, and LaunchDarkly for security risk and compliance
Knowledge of CMS Acceptable Risk Safeguards (ARS), FISMA compliance (and CFACTS), FedRAMP and NIST security guidance and publications, HIPAA, and related privacy and compliance regulations
Hands-on experience with implementing, documenting, maintaining, and monitoring CMS Acceptable Risk Safeguards control requirements
Experience working as part of an agile scrum team and assisting with security-related tasks and deliverables associated with bi-weekly sprints
Experience using vulnerability scanners such as Nessus, OpenVAS, or Nexpose
Experience running static analysis/static application security testing tools such as SonarQube, Fortify, or Veracode
Experience running dynamic application security testing tools such as WebInspect, AppScan, Qualys, Burp Suite Pro, or OWASP ZAP
Experience with GRC tools such as CSAM, CFACTS, or Xacta
Proficient in Microsoft Office (Word, Excel, PowerPoint), Project, and Visio
Experience securing cloud-based environments such as AWS and Azure Cloud
Index Analytics provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Full Time
$75k-91k (estimate)
04/24/2024
06/22/2024
index-analytics.com
CATONSVILLE, MD
50 - 100
2012
RAGHU AKKAPEDDI
<$5M
Index Analytics is an 8(a) and HUBZone certified small business specializing in data strategy, data integration, data visualization and Salesforce CRM solutions. Founded in 2012, Index has been delivering award-winning IT solutions and improving our clients' return on investment (ROI) by providing high-quality enterprise solutions to federal government agencies. We are proud to have successfully supported multiple enterprise-wide information technology (IT)-related deployments on domains such as Business Intelligence (BI); Extract, Transform, and Load (ETL) tools and technologies; Big Data; data... strategy; Geographic Information Systems (GIS) technology; user training, coaching and support. Index Analytics services can be accessed through the following government contract vehicles: GSA Schedule 70 (SIN for IT Professional Services and Health IT); GSA Professional Services Schedule (formerly MOBIS); and CIO-SP3 (HUBZone). Please visit http://www.index-analytics.com/ for additional information.