The Cyber Security Analyst acts as a lead consultant, interfacing between the customer and the IT security consulting team throughout the federal information system Security Assessment & Authorization (SA&A) lifecycle process. The ideal candidate is very detail-oriented, with strong written and oral communication skills as well as a strong technical background. He/she will be responsible for planning, developing, finalizing, and reviewing key deliverables in each stage. As a result, a strong understanding of standards and requirements outlined by NIST, HIPAA and other federal guidelines is required. The Cyber Security Analyst will be actively engaged in identifying unique system characteristics, interviewing key organizational personnel (technical, administrative, and executive), and working with the consulting team to develop and manage security documentation throughout the system lifecycle in support of NIST and HIPAA requirements. This includes, but is not limited to: security categorizations, system security plans, privacy impact assessments, contingency plans, configuration management plans, incident response plans, POA&Ms, and vulnerability assessment reports, and calls for a strong understanding of the Risk Management Framework (RMF).
Technical Skills and Tasking:
- Working face-to-face with leadership and clients interviewing, planning, or participating in a team effort to bring multiple complex projects to completion.
- Understanding of NIST, HIPAA, and PCI regulations
  - Specifically NIST 800-171 and NIST 800-53
- Understanding of RMF.
- Understanding of POAM.
- Assess/audit systems to analyze risk and report on identified weaknesses.
- Conducting in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.
- Providing ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, HIPAA, etc.
- Knowledge of IT security architecture and design (firewalls, Intrusion Detection Systems, Virtual Private Networking, and virus/malware protection technologies — behavioral-based a plus).
- Knowledge of LAN/WAN design and general internetworking technologies. Hands-on experience a plus.
- Knowledge of Windows and Unix operating systems. Hands-on experience a plus.
- 2 years of experience (academic, internship, or professional) in a Cyber Security Analyst or related role.
- Bachelor's degree in information systems, computer science, or related fields.
- Required Certifications: None required.
- Desired certifications: CISSP, CISM, CEH, CISA, Security+ and/or CAP
- U.S. Citizenship Required.