Jr. Security Analyst

Job Location: On-site (not remote), Columbia, MD

Primary Job Responsibilities

·         Oversee, evaluate, and support the documentation, validation, and accreditation processes necessary to assure that IT systems meet the organization’s security requirements.

·         Respond to crisis or urgent situations within the system to mitigate immediate and potential threats.

·         Use mitigation, preparedness, and response and recovery approaches, as needed, to maximize information security.

·         Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.

·         Provide security advice and recommendations to leadership and staff based on NIST and FIPS guidelines.

·         Analyze system security assessment reports.

·         Develop estimates of the security risks associated with deployment of new technologies.

·         Use defensive measures and information collected from a variety of sources to identify, analyze, and report events

Qualifications

·         A bachelor's degree in information technology systems, computer science, or a related field and experience in information technology systems or a related area

·         At least 3 years of information security experience, including documenting system security controls in place to support the Assessment and Authorization processes.

·         CompTIA Security certification

·         Experience using Nessus, AIDE, Windows, Linux/RHEL

·         Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.

Requirements

·         1-2 years of professional experience supporting information security/assurance programs, policies, processes, and operational procedures per various standard security frameworks/laws/standards/directives, e.g.: FISMA; OMB directives; Presidential Directives; NIST (SP-800 series; FIPS); HIPAA of 1996; Privacy Act

·         Comprehensive knowledge of the FISMA, HIPAA laws and Privacy Act of 1974

·         Experience writing System Security Plans using-depth knowledge of the  NIST 800-53 security control requirements and standard methods for implementing security controls.

·         Understanding of risk assessment and risk management concepts, including POA&M support

·         Practical knowledge of IT System contingency planning and incident response

·         Good understanding of continuous monitoring and continuous authorization concepts

·         Good understanding of protection of PII and PIA concepts

·         Expert use of MS Office, especially Word, PowerPoint and Outlook

·         Good ability to articulate technical concepts, especially in the audit review process

·         Must be a US Citizen

IT-CNP is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.