IT Security Analyst – Silver Spring, MD
Will develop, implement, and maintain an IT security program consistent with DOC/NOAA and government-wide laws, regulations, policies, procedures, and standards. Will develop and maintain certification and accreditation (C&A) documentation; assist in the development and maintenance of system security plans, policies, procedures, and best practices; ensure implementation of all security policies, plans, and procedures; and provide system-level monitoring and compliance reporting. Will assist the system administrators by describing any weaknesses, creating the mitigation plan, and vetting potential solutions. If there are no immediate solutions, will perform a targeted risk assessment and document compensating controls. Will monitor, evaluate, respond to, and report on security threats and assist in annual testing of contingency/disaster recovery plans.
3+ years of experience in IT Security. Working knowledge of Federal government C&A practices and policies, particularly FISMA, NIST 800-53. Experience in preparing and reviewing documentation to include System Security Plans (SSPs), Risk Assessment Reports, and C&A packages. Experience creating weakness evaluation reports (WERs) and developing corrective action plans (CAPs). Experience in managing changes to the system and assessing the security impact of those changes; in reviewing and maintaining Assessments and Authorizations (A&A) documentation and ensuring that all of it is included in System Security Plans (SSPs); and in implementing and monitoring IT security controls and creating and maintaining related artifacts in accordance with DOC's Continuous Monitoring Plan and DOC/NOAA/NOS security policies and procedures. Experience in identifying and creating Plans of Action and Milestones (POAMs), entering them in the DOC Cyber Security Assessment and Management (CSAM) system, and working with system administrators to resolve POAMs; and in gathering artifacts and creating mitigation memos, residual risk memos, and corrective action plans to assist in the closure of the POAM. Experience performing vulnerability analysis of Nessus scan results and working with the system administrators to resolve the vulnerabilities or to develop a system corrective action plan.
Certifications relating to IT security (CISSP, GIAC, CEH, Security+, etc.).
Must be able to pass a full background investigation and obtain a security badge to enter the applicable government facility.
Bachelor's Degree in Computer Science, Software Engineering, or other related discipline preferred.
Submit resume to ERT’s Career Opportunities Web Page at:
Earth Resources Technology, Inc. (ERT)
ERT is an Equal Opportunity/Affirmative Action employer - All qualified applicants will be considered for employment without regard to race, color, religion, sex, national origin, disability, or protected Veteran status.