This job is closed
We regret to inform you that the job you were interested in has been closed. Although this specific position is no longer available, we encourage you to continue exploring other opportunities on our job board.
Esimplicity - Silver Spring, MD
posted 2 months ago
About the position
The Information Security Analyst IV at eSimplicity is responsible for providing security support services to ensure compliance with security control requirements across a systems portfolio. This role involves continuous monitoring of cybersecurity posture, facilitating security tool implementation, and ensuring proper configuration and compliance of security tools. The analyst will act as a liaison for security-related inquiries, maintain security documentation, and provide subject matter expertise throughout the system development lifecycle.
Responsibilities
- Work closely with Product Owners, ISSOs, and engineering staff to implement security policies and procedures.
- Analyze new or updated security requirements and develop accurate responses.
- Review and update ATO artifacts such as System Security Plans and Incident Response Plans.
- Interpret security risk assessments and support the remediation of vulnerabilities.
- Support the development of documentation for security feature implementation.
- Document remediation for vulnerabilities and non-compliance issues with engineering personnel.
- Analyze agency security requirements and communicate governance to non-security personnel.
- Collaborate with teams to support continuous monitoring and ATO efforts.
- Conduct vulnerability assessments and monitor systems for potential breaches.
- Respond to alerts from security tools and resolve higher-level security incidents.
- Manage security tool outages and maintain dashboards and reporting.
- Research security trends and new attack vectors to enhance security measures.
- Educate users on security requirements and procedures.
- Recommend process improvements for risk mitigation.
- Apply iterative security automation to enhance overall security posture.
- Provide audit log reviews in Splunk and plan for investigations or remediation activities.
- Conduct periodic user and privileged access reviews.
Requirements
- Minimum of 7+ years related experience.
- Bachelor's degree in computer science, Information Systems, Engineering, Business, or related field, or equivalent experience.
- Familiarity with Agile Methodologies.
- Working knowledge of AWS Security tools.
- Knowledge of hardening standards (DISA STIG, CIS).
- Understanding of NIST Risk Management Framework and NIST 800-53 rev5.
- Experience with CI/CD and DevSecOps.
- Knowledge of SAST, DAST, IAST, and OAST tools.
- Understanding of business security practices and current security tools.
- Experience managing systems in AWS cloud environments.
- Experience with security baked-in architecture designs.
- Demonstrated experience with computer networking, cryptography, and security engineering.
- Broad experience using cloud services and security tools.
- Knowledge of vulnerability and compliance scanning tools.
- Strong analytical and problem-solving abilities.
- Excellent organizational and time-management skills.
- Excellent customer service skills.
- Experience with Government Agency Security Assessment Process.
- Experience with Atlassian Jira & Confluence.
- Excellent command of written and spoken English.
- Ability to obtain and maintain a Public Trust.
Nice-to-haves
- Federal Government contracting work experience.
- Industry certifications such as CISSP, CEH, GIAC.
- Experience with Security Information and Event Management (SIEM) systems like Splunk.
Benefits
- Highly competitive salary
- Full healthcare benefits
