
Senior Security Analyst

Remote: Full Remote
Salary: 81 - 90K yearly
Experience: Expert & Leadership (>10 years)

Offer summary

Qualifications:

5+ years in Information Security field, IT security certification (Security+ or CISSP), Experience with vulnerability scans, Technical writing of security policies, Knowledge of FISMA and NIST.

Key responsibilities:

  • Conduct security assessments for compliance
  • Manage vulnerabilities and security documentation
  • Collaborate on risk assessment and mitigation
  • Develop security controls using NIST standards
  • Support audits and compliance initiatives
TISTA Science and Technology Corporation Information Technology & Services Large https://www.tistatech.com/
1001 - 5000 Employees

Job description

Overview:

Are you a Senior Security Analyst who would like to have a positive impact for millions of people? If so, we may have an opportunity for you!

 

TISTA associates enjoy above Industry Healthcare Benefits, Remote Working Options, Paid Time Off, Training/Certification opportunities, Healthcare Savings Account & Flexible Savings Account, Paid Life Insurance, Short-term & Long-term Disability, 401K Match, Tuition Reimbursement, Employee Assistance Program, Paid Holidays, Military Leave, and much more!

 

Stay Connected:

Follow us on LinkedIn for updates on this job and other exciting opportunities.

Responsibilities:
  • Work as part of cross-functional Agile and SDLC project teams or support individual product
  • Conduct security authorization and assessment activities and tasks and obtain an Authorization to Operate (ATO) in line with NIST and client guidance and directives
  • Determine the baseline IT Security requirements for IT Systems, diagram system authorization boundaries, determine system categorization based on FIPS-199
  • Manage vulnerabilities
  • Conduct technology evaluation and system design review to assess the effectiveness of existing controls and provide meaningful recommendations
  • Monitor progress, manage risk, and ensure key stakeholders are kept informed about progress and expected outcomes, and propose and take corrective action as appropriate
  • Assist in Federal Information Processing Standard (FIPS) categorization of applications/systems
  • Participate in risk assessments, vulnerability scans and penetration testing of new and existing systems to identify, investigate and document security weaknesses
  • Document and implement security controls using NIST standards
  • Review and generate authorization and assessment system documentation as needed: Security Assessment Reports (SARs), Privacy Threshold Assessments (PTA), Privacy Impact Analysis (PIA), Disaster Recovery Plans (DRP), Information System Contingency Plans (ISCP), Incident Response Plans (IRP), Risk Assessment Reports (RARs), Standard Operating Procedures (SOPs) and Plans of Action and Milestones (POAMS)
  • Create and maintain project content in the Governance, Risk, and Compliance (GRC) tool per client’s guidance.
  • Identify and report detailed Plans of Action and Milestones (POAMs); manage and monitor for corrective actions
  • Review and analyze system scan reports
  • Provide guidance on security requirements for systems hosted in cloud (including FedRAMP) versus on-premise
  • Research and stay up-to-date on industry standards and any new vulnerabilities and risks
  • Assess systems to analyze risk and report weakness findings
  • Work with developers and DBAs in addressing findings
  • Assess and review current technology infrastructure to identify key risk areas, and ensure adequate levels of controls are in place to address those risks
  • Participate in and support internal and external compliance initiatives including audit requests, tabletop exercises, security training, and other tasks associated with improving the company’s security posture
Qualifications:
  • 5+ years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field
  • Recognized IT security certification, such as Security+ or Certified Information Systems Security Professional (CISSP)  
  • Demonstrates a proficiency with developing, maintaining and managing security authorization and assessment packages
  • Experience with developing and managing POA&Ms
  • Displays technical experience with conducting research and providing review recommendations on software and technologies for vulnerabilities
  • Technical experience with reviewing vulnerability scans and providing mitigation techniques
  • Possess experience in participating in SCAs
  • Experience writing security-related policies and procedures and conducting audit log reviews
  • Knowledge of and experience with Federal security regulations, standards, and processes including FISMA and NIST
  • Experience with NIST Special Publications and guidance
  • Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment
  • Experience with maintaining security packages in a Governance, Risk, and Compliance tool
  • Strong written and oral communication skills
  • DevSecOps experience a plus
  • Enterprise Mission Assurance Support Service (eMASS) experience

Education:

  • Master's Degree in computer science, electronics engineering or other engineering or technical discipline PLUS 5 Years of experience
  • Ten (10) years of additional relevant experience may be substituted for education

 

Clearance: 

  • The ability to pass a Tier 2/Moderate Background Investigation 

 

Location:

  • Remote, USA
  • Monday - Friday (8:00 AM - 4:30 PM CST)

 

Pay Range:

  • The pay for this position ranges from $80,730 to $89,500
  • The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience, and location
  • Also, certain positions are eligible for additional forms of compensation, such as bonuses
  • TISTA associates are eligible to participate in our comprehensive benefits plan! More information can be found here: https://tistatech.com/working-at-tista/

Required profile

Experience

Level of experience: Expert & Leadership (>10 years)
Industry: Information Technology & Services
Spoken language(s): English

Other Skills

  • Analytical Skills
  • Non-Verbal Communication
  • Problem Solving
