The incumbent will operate as part of a team of security analysts who will lead their assigned programs through the NIST 800-37 process and all of its nuances. This person will be responsible for security deliverables and will be a trusted advisor to their program, able to translate regulations and findings into technical terms to guide and expand the security culture of those they work with.
Create/update all client security deliverables (SSP, CP, ISRA, CP, PTA/PIA, etc.).
Work with team members to ensure security functions are implemented for the program(s) under their care.
Act as a trusted advisor on security matters for their programs, and provide training on security items when needed.
Act as a bridge between client security teams and project teams, closing the gap between compliance and technical security issues for both teams.
Ensure proper testing occurs, and manage the vulnerability process within the scope of the program.
Translate technical security findings (pen tests, ACT, Fortify, Tenable, etc.) into practical issues, and guide teams to appropriate preventative and corrective action.
Review program procedures and outputs, and implement corrective action when needed.
Act as a liaison for the program to client security teams.
Support corporate security as needed.
Experience in multiple aspects of FISMA, 4+ years.
Experience in an agile CI/CD development environment with a focus on the testing and assessment functions (technical assessment and understanding (dev/ops)).
Experience in agile development and operations support, with respect to FISMA SP 800-53 guidelines.
Excellent writing and communication skills.
Experience in understanding security testing reports.
Experience in managing an audit for a program (SCA/ACT, A-123, IRS 1070, etc.).
Experience with cloud-based systems (AWS, Salesforce).
Experience in creating and maintaining the deliverables for the NIST RMF (800-series).
Experience in performing application-level testing (CP functional and tabletop testing required).
Experience running meetings and holding team members to deadlines.
Desired skills (these are nice to have, but not mandatory):
Experience with CMS security.
5 years of experience in the required skill set/CISSP domains.
CISSP in good standing required (note that CAP does not qualify).
Degree is preferred.
Sparksoft is a certified Capability Maturity Model Integration (CMMI) SVC and DEV Level 3, ISO 9001:2015, ISO 27001:2013, HUBZone, 8(a), Small Disadvantaged Business (SDB), Women-Owned Small Business (WOSB), and Small, Women-owned, Minority-owned (SWaM), and MBE/DBE/SBE consulting firm. With our focused mission "to ignite innovation, inspire transformation, and implement digital solutions for a healthier nation", we specialize in 6 specific digital health services: test automation, cloud services, DevOps delivery, cyber security, data science, and human-centered design. Since 2004, our exceptionally skilled people, proven leadership, and optimized processes have all worked together relentlessly to continuously push for more efficient solutions.
Sparksoft is an affirmative action/equal opportunity employer and does not discriminate against any applicant for employment or employee because of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or any other characteristic prohibited under federal, state, or local laws.
Information Security Analyst