Location: Herndon, VA
Department: DNU - Azzur Solutions, LLC
Additionally, this team supports maintenance of company certifications, internal assessments and a continuous monitoring program. These efforts require the continuous monitoring of all environments via vulnerability scanning and analysis, remediation recommendation and follow-through, tracking of the vulnerabilities via a Plan of Actions and Milestones (POAM) and interactions with the Information System Security Engineers, Operations and Build/Automations teams. This is an interactive position, both with the Compliance team as well as other client team members.
Minimum Job Requirements:
This role serves as a “hands-on” mid-level security analyst who will be responsible for interfacing with the security engineering, operations and build teams, assisting with the development and/or maintenance of various POAMs, input to System Security Plans (SSP) and associated documentation for multiple environments, gathering scan results, conducting analysis on scan results, providing recommendations for vulnerability remediation or mitigations and providing information on the current risk and vulnerabilities. This position will assist with ongoing continuous monitoring activities on a daily, quarterly or annual basis.
Additionally, this role will assist with the security assessments (i.e. FedRAMP, FISMA, HIPAA, SOC, etc.), to include supporting collection of evidence. A thorough understanding of vulnerability management (scans, assessment findings, deviation requests, etc.) in order to maintain a secure posture is required.
The Security Analyst will be responsible for Continuous Monitoring Support for the various environments, which may include development of the metrics / trends, analysis of scan results, assisting with the FedRAMP, FISMA, IRAP, etc. authorization processes to include scan analysis and deviation requests, and briefing of status, as required. This role serves as a mid-level security analyst who assists with the continuous monitoring process, and can provide thoughtful recommendations on remediation / mitigation, as well as development of associated processes and procedures. This role must communicate between security, engineering, development and operations teams as required, and be able to interpret and document the results of data gathering. Key deliverables for success will be maintenance of various conmon activities (i.e. scan execution, review and analysis, POAM maintenance, etc.), ensuring processes and procedures are current and followed, and providing management with a status of the security posture of the environment.
In summary, this position needs to be able to execute the following:
Gather information, understand architecture diagrams and implementation of the scan configurations through interfacing with the security engineering, operations and build teams
Develop security documentation such as, but not limited to, conmon plans, procedures and processes, and standard operating procedures
Analyze various scans for application, operating system and containers, to include accuracy
Review and maintain POAM manually as well as via automated tools
Maintain, via review and update, all POAM inputs, including vendor and operational dependencies
Understand the intent of the FedRAMP/FISMA security controls and communicate as needed
Assist with the FedRAMP/StateRAMP or FISMA authorization to include, but not limited to, prep of ISSE and operations team through mock interviews, update/explanation of documentation and processes as required, and support FedRAMP PMO/Agency/CISO requests
Assist with ITAR/EAR, HIPAA, PCI DSS, ISO, SOC assessments to obtain/maintain certifications, as required
The general qualifications for a mid-level security analyst – conmon consist of:
Experience with Cloud technologies, especially AWS, Azure, and/or Google Cloud
Experience with FedRAMP and/or other authorization processes and NIST risk management framework
Experience in developing, evaluating, and implementing information security architectures, technologies, standards, and practices to secure applications and IT systems, desirable
Experience in vulnerability management to include analysis of App, O/S and Container scans
Development of security documentation such as conmon plans, policies, procedures, etc., based on NIST SP 800-53 security controls and FedRAMP CONMON.
Flexible, self-motivated, and able to work independently and communicate with other teams in a fast-paced environment
Excellent communication skills (oral and written) and the proven ability to work effectively with all levels of IT and business management.
Experience in writing or executing system security documentation, authorization to operate packages, POA&Ms, and policies.
Additional Experience:
Experience in reviewing/editing/writing technical documents
Skill in preparing and making written and oral presentations of complex technical nature.
Experience using ticketing systems such as JIRA
Demonstrated ability to coordinate multiple tasks
Professional industry certifications in area of expertise desired