INFORMATION ASSURANCE ANALYST
# of Openings: 1
Supports Security Assessment & Authorization (A&A) activities related to internal controls, risk assessments, risk management, IT controls, related security control standards in classified environments (FISMA, NIST, CNSSI-1253), and POA&Ms. Assesses information system threats and vulnerabilities using risk analysis and operates vulnerability assessment tools in support of Cyber Security audit and advisory services.
• IT Security, information assurance, and compliance supporting classified client systems.
• Manage the remediation of POA&M items.
• Develop and maintain system security documentation in accordance with FISMA, NIST, and CNSSI-1253 guidelines.
• Assess security controls and facilitate timely identification, communication and recommended resolution of security risks.
• Support customers at the highest levels in the development and implementation of doctrine and policies.
• Participate in the development or revision of System-specific security safeguards and local operating procedures.
• Must be proficient in administering Nessus vulnerability scans and able to interpret the vulnerability scan results to determine risk priority, remediation, and mitigation strategies.
• Provide IT security consulting to system owners on other security documents, for example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans.
• Work closely with certifiers and assessors to navigate the client A&A process and produce appropriate accreditation documentation.
• Facilitate timely identification, communication and recommended resolution of security risks within assigned systems.
EDUCATION & EXPERIENCE
• 9 - 15 years of experience and BA/BS in computer science, information systems management, mathematics, engineering, or related scientific field.
• Experience designing and implementing the NIST Risk Management Framework.
• Experience designing, implementing, assessing and monitoring NIST 800-53 security controls.
• Experience advising in the implementation of insider threat and privacy protection.
• Experience with security assessments.
• Experience in designing, documenting, evaluating and testing general computer controls for IT security, change management, and IT operations.
• Experience with developing and maintaining Security A&A documentation.
• Experience with internal controls, risk assessments, and controls design, DISA STIGs, testing, or operational auditing.
• Strong written and verbal communication, particularly for creating and presenting complete system security packages to audit teams that have achieved ATO status.
• Must possess one of the following DoD level III Security professional certifications: CISA, GIAC Certified Incident Handler (GCIH), GIAC Information Security Expert (GSE), GIAC Security Leadership (GSLC), Security Certified Network Architect (SCNA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), and/or Certified Information Systems Auditor (CISA).
LTS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.