This job is closed

Visión It - San Antonio, TX

posted 3 months ago

Full-time
San Antonio, TX
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

The Associate Information Technology Security Analyst conducts routine Information Assurance (IA) audits on all Information Systems (IS) as part of daily operations. This role focuses on evaluating systems for compliance with the Risk Management Framework (RMF) 800-53 Controls and Special Directives, assisting in continuous monitoring within eMASS, and providing critical support for Certification and Accreditation (C&A) activities.

Responsibilities

  • Conduct routine IA audits to ensure appropriate IA security controls are applied and maintained across all Information Systems (IS).
  • Evaluate IS compliance in alignment with RMF 800-53 Controls and Special Directives.
  • Assist in continuous monitoring of RMF packages within eMASS, including managing Plans of Action and Milestones (POA&Ms), Test Results, and Risk Assessments.
  • Record and prepare artifacts associated with audits to maintain a current repository of all RMF documentation.
  • Provide C&A support by conducting risk and vulnerability assessments and developing security and contingency plans.
  • Utilize NIST Special Publications (800 Series) as references for C&A, system security plans, and risk assessments.
  • Create, edit, and review organizational and team-level documentation for clarity and accuracy, including security-related Tactics, Techniques, and Procedures (TTPs), Standard Operating Procedures (SOPs), and plans.
  • Employ automated security scanning tools (SCAP, ACAS, BNA, etc.) to identify potential vulnerabilities.
  • Analyze findings and report them to technical teams and leadership for appropriate tracking and mitigation.
  • Research Requests for Information (RFIs) from technical teams regarding DISA STIG checklists and regulations.
  • Clearly explain security requirements to systems administrators to ensure proper understanding.
  • Review proposed actions from technical teams, recommending the most secure options while balancing operational requirements.
  • Assist in identifying, tracking, and remediating security risks discovered on information systems.
  • Prepare and deliver detailed written reports and oral presentations to senior leaders and staff within the RCC-C.
  • Coordinate with internal and external entities to enhance established processes, ensuring efficient execution of analysis, tracking, mitigation, and reporting.
  • Work directly with cross-functional teams and management to resolve compliance issues.
  • Support or lead special projects as required.
  • Complete other duties assigned by management.

Requirements

  • Experience with Information Assurance (IA) audits and compliance evaluations.
  • Knowledge of Risk Management Framework (RMF) 800-53 Controls and Special Directives.
  • Familiarity with eMASS for continuous monitoring and management of RMF packages.
  • Ability to conduct risk and vulnerability assessments.
  • Proficiency in utilizing NIST Special Publications (800 Series) for security documentation.
  • Experience with automated security scanning tools (SCAP, ACAS, BNA, etc.).
  • Strong analytical skills to assess findings and report them effectively.
  • Excellent communication skills for explaining security requirements and preparing reports.

Nice-to-haves

  • Experience with DISA STIG checklists and regulations.
  • Familiarity with security-related Tactics, Techniques, and Procedures (TTPs).
  • Ability to work collaboratively with cross-functional teams.