PPT Solutions is seeking a Security Analyst in Annapolis Junction, Maryland.
Description of Responsibilities for the Security Analyst:
- Provide technical guidance on a range of specific Technology Controls and Information Security programs, policies, standards and incidents.
- Lead risk assessment, required controls definition, control procedure appropriateness, vulnerability assessments and any other relevant areas.
- Conduct comprehensive risk and control design assessments for an application portfolio; articulate and document the impact of control gaps on the business and enterprise-wide, along with risk mitigation and remediation plans and a remediation strategy document; or provide information security solutions to address risks.
- Provide guidance and/or lead on the development of on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area.
- Develop on-going Technology Risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area.
- Proactively work with technology partners, stakeholders, and service/platform owners to ensure all technology security components are integrated into the government's Enterprise Architecture and any control gaps are addressed.
- Adhere to, advise on, oversee, monitor, enforce enterprise frameworks and methodologies related to technology controls and information security activities.
- Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise.
Required Knowledge, Skills, and Abilities for the Security Analyst:
- Bachelor's Degree required, Master's Degree preferred
- At least 7 years of experience (if less than 15 years of experience, must have a Master's degree)
- Experience in Supporting Government Information Systems Security Officer (ISSO)
- Cyber Security Analyst Skills
- Strong Experience with Xacta 360
- RSA Archer - for tracking ISVMs
- Strong working knowledge with Nessus Scans
- Strong working knowledge with AppScan Enterprise
- Strong working knowledge with JAZZ
- Strong knowledge with Oracle
- Strong Experience with NIST Publications and the Risk Management Framework (RMF): NIST 800-37, NIST 800-53 Rev. 4, NIST 800-53A
- Should have a strong working knowledge in writing Security Plans for Federal information systems (implemented, hybrid, inherited security controls)
- Certified Authorization Professional (CAP) Certification strongly preferred
- Experience managing Plans of Action and Milestones (POA&M) and Continuous monitoring
- Drafting of Interconnection Security Agreements
- Work will be full time, on site in Annapolis Junction, Maryland
- Excellent communication skills (verbal & written)
- Previous experience on application risk assessments
- Experience with key risk indicators reporting
- Must be a U.S. Citizen and able to pass a government background investigation
- Travel may be required once per month
Desired Knowledge, Skills, and Abilities for the Security Analyst:
- CISA - Certified Information Systems Auditor
- CISSP - Certified Information Systems Security Professional