For 29 years, clients in the private and public sectors have relied upon SOS International LLC (SOSi) for critical operations in the world’s most challenging environments. SOSi is privately held, was founded by its current ownership in 1989, maintains corporate headquarters in New York City, and specializes in providing logistics, construction, training, intelligence, and information technology solutions to the defense, diplomatic, intelligence and law enforcement communities.
All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.
6-******-7021: Sr. Computer Security Analyst
LocationU.S. – Washington, DC
STG Inc, an affiliated company of SOS International LLC (SOSi) is seeking qualified, professional, and experienced Sr. Computer Security Analyst in Washington, DC.
This position is located in Washington, DC. The ideal candidate will be responsible for assessing information risk and facilitates remediation of identified IT security and IT risk across the enterprise. Performs assessments of the IT security/risk posture within the IT network, systems and software applications, in addition to assessments within the different systems. Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios. Facilitates and monitors performance of risk remediation tasks, changes related to risk mitigation & reports on findings. Maintains oversight of IT and continuous monitoring for security maintenance of their systems and applications. Provides weekly project status reports, including outstanding issues. The Senior Security Analyst will assist in all IT audits and IT risk assessments. This position will help with a dynamic role requiring leadership and coordination with multiple IT teams. This environment supports over 1,100 users and over 7,000 assets located in multiple locations in the Washington, DC area; as well as offices in New York, NY; Chicago, IL; and Kansas City, MO.
Key responsibilities including but not limited to:
Coordinate, plan, schedule, and execute initiatives for the complete support and management of the IT security posture for the Federal client
Establish and maintain a CFTC Configuration Management program following Security Configuration Management (SecCM) Plan, Identify and Implement, Control Configuration Changes, and Monitor for compliance lifecycle management
Monitor security threats to baseline configurations (workstations, laptops, servers, network appliances, mobile devices, etc.)
Perform security impact assessments for each submitted requested approved change control record
Support the development of tailored security configuration bases.
Work with the Security Team to gain acceptance and approval of all security controls.
Management of IT security and IT risk (e.g., data systems, network and /or web across the enterprise)
Develop and revise policies, procedures and standards that meet existing and newly developed policy and regulatory requirements based on federal requirements and standards.
Promote awareness of applicable regulatory standards, upstream risks and industry best practices across the agency.
Work with the agencies system owners to establish gap analysis for agency systems based on the determined FIPS-199 system level.
Participate in the Configuration/Change Control Board (CCB) for review and recommendations for Configuration baseline vulnerability identification and remediation before and after implemented changes.
Support activities for the NIST Risk Management Framework (RMF) and Continuous Diagnostic and Mitigation
Act as the lead security adviser for the change control board
Assist in researching, evaluating, and developing relevant Information security policies and guidance.
Minimum of 7 years of technical experience (Computer system design, integration, application development, and computer security)
Bachelors of Science Degree (or equivalent experience)
Must be a US Citizen
Knowledge of technical infrastructure, networks, databases, and systems in relation to IT Security and IT Risk.
Experience in conducting IT compliance assessments
Experience in IT security controls for NIST 800-53 (lastest version)
Technical experience with Security Operations Tools (such as Symantec (SEP/DLP), Solar Winds, ForeScout, AccelOpps, FortiSIEM, Cisco Sourcefire, Stealthwatch, IronPort, MIMESweeper, ProofPoint, TrendMicro, Enterprise Email Gateway, etc.)
Possess broad working knowledge of Incident Response activities.
Possess broad working knowledge of Configuration Management, Configuration Items, Configuration Baselines, CMDB management.
Possess knowledge of Risk Management Framework (RMF) for continuous monitoring
Possess broad knowledge of network architecture, asset and configuration management tools, baseline images and compliance folders.
Possess strong technical skills and analytic abilities, as well as experience performing network security analysis and risk management as it relates to the configuration.
Possess ability to perform complex technical tasks in pursuit of overall goals with minimal direction, limited access to systems, and resource restrictions.
Possess excellent written and professional oral communications skills to develop and present compliance reporting and security recommendations.
Possess the ability to translate an understanding of systems and applications into security baselines scan plans and perform hands on security scanning.
Demonstrated ability to analyze scan results and suggest mitigations for security problems.
Possess a broad knowledge of Information Security policies and guidance, as well as the ability to assist in researching, and evaluating.
To apply for this job please visit itjobpro.com.