System Security Analyst

Overview

NuCrest is seeking a Part-time/Ad-hoc System Security Analyst as part of a Security Authorization and Assessment Support Team supporting a client in Bethesda, MD. as part of an Office of Information Technology (OIT) - Access Management Team in Towson, MD. Must have a minimum of a minimum of five (5 ) years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field. The candidate must have a bachelor’s degree in Computer Science, Business Administration or a related field and Security , or any other related certification.

Description

The System Security Analyst will organize and facilitate contingency planning and incident response testing exercises. Responsible for developing and conducting contingency plan and incident response test procedures. Assess business impact analysis (BIA) documentation, hardware/software system configuration setups, system backup and storage, etc. and documents the results in the contingency plan test report. Supports Incident Response activities to mitigate damage, determine impact, document activities, and implement corrective actions.

Responsibilities

• Develop and conduct Contingency Plan (CP) and Incident Response Plan (IRP) tests for all systems.
• Exercise procedures may include an element of system recovery from backup media which requires coordination with other NIH enterprise computing entities.
• Deliverables are a CP test report, IRP test report, and After-Action Reports that are created using Agency-provided templates.

Required Skill and Experience

• A minimum of five (5 ) years of experience of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field to include: Cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data and knowledge of information security principles and method. Strong Knowledge of Federal Cyber Security policies and guidelines.
  • Five (5 ) years of experience with support security assessments on the contingency and incident response of federal applications, general support systems (GSSs), High-value assets (HVAs), healthcare systems to ensure compliance with the NIST SP 800-37, NIST 800-53A, HIPPA, and agency-specific requirements.
  • Five (5 ) years expert experience performing and documenting security assessments, security control assessments, contingency and incident response testing.
• Strong knowledge of the Systems Development Life Cycle (SDLC), agile development, SecDevOps activities in the development of technology solutions.
• Strong ability to assess web applications, systems in an cloud commercial, federal cloud, and hybrid cloud environment (IaaS, PaaS, SaaS, etc).
• Strong technical background assessing Windows / Unix platforms, legacy systems, databases, web servers/applications, cloud and virtualization environments.
• Strong knowledge of network security architecture concepts, including topology, protocols, components, and principles
• Familiar with the contingency and incident response plans of cloud environments (services/security) and FedRAMP A&A process.
• Strong project management, time management, and work sequencing skills.
• Effective verbal and written communication skills with ability to effectively communicate with all levels of users and teammates both written and verbally.
• Effective technical writing and documentation processing skills.

Education:

• BA/BS in Computer Science, Information Technology, Information Security.

Certifications:

• Certified Information System Security Professional (CISSP), CAP, Security , or any combination of relevant Cyber Security training/certification and experience.

Clearance:

• N/A

Work Core Hours:

• Eight-hour workday, during the workweek: 8:00 am – 5:00 pm ET, Monday through Friday

Company Background:

NuCrest, LLC is a minority-owned Service-Disabled Veteran-Owned Small Business (SDVOSB)/Small-Disadvantaged Business (SDB) based in Anne Arundel County, Maryland focuses on delivering a diverse portfolio of security-focus IT Enterprise Services and Solutions to support the critical missions of Federal and Civic clients. We deliver our services across multiple enterprise platforms, data networks, and cloud environments.

At NuCrest we support our Veterans and encourage all to apply!

NuCrest provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.