Cyber Security Analyst III (Senior)
Location: Clearfield, UT
The Cybersecurity Analyst III is a key member of the Information System Security Engineering team and works closely with our customers across functional teams to provide compliance assessments and help engineer secure solutions as they are being developed.
Essential Duties and Job Functions
Conduct research, review documentation and provide input for Risk Management Framework packages to the Government for review and approval.
Review Risk Management Framework documentation for completeness and readiness for certification analysis.
Coordinate with the appropriate system owner or Information Systems Security Manager (ISSM) to gather missing information and assist the Government in resolving issues precluding the program from receiving an Authority To Operate.
Assist with FISMA compliance audits and provide status updates to the PM
Perform quarterly vulnerability analysis in compliance with RMF.
Review compliance with current Cybersecurity policy, regulations, and directives to ensure secure configuration and operation of all operated and maintained IT assets, recommending corrective actions as required.
Assist customers developing new system to design and engineer the systems to meet current cyber security requirements and best practices.
Knowledge, Experience and Skills
Minimum nine (7) years of experience in an Information Security position or IT Audit role with a background in performing security risk assessments.
Compliance audits, gap analysis and assessments (DISA STIGS, PCI, HIPAA, SOX)
Proven ability to create and maintain effective documentation, including policies, processes and procedures
Strong understanding of NIST 800-53r4 controls
Knowledge of security and IT general controls for application development and management
Good communications skills, both verbal and written, as well as the ability to communicate well with people in a variety of positions, roles and levels
Professional, self-motivated and a strong sense of urgency.
Ability to provide technical direction to more junior team members
– CISSP, CISM, GSLC, CAP, or CASP certification
– Active DoD SECRET clearance
– BS/BA degree or an equivalent combination of education and experience
– Training in Risk Management or IT Audit Methodology strongly desired.