Information Security Analyst Senior

Do work that matters, delivering innovative solutions with big-picture thinkers and collaborative people. After all, how we work is in our name. DRT stands for Driving Resolution Together - and this is how we solve our customers’ most pressing challenges. Together!

DRT Strategies delivers expert management consulting and information technology (IT) solutions to large federal agencies, the U.S. Navy, state and local government and commercial clients in health care, technology, and the financial services industries.

We are problem solvers dedicated to your success, combining Fortune 500 experience with small business responsiveness. We have established a reputation with our clients as a forward-thinking consulting firm with demonstrated success in implementing solutions that lead to meaningful results.

DRT is seeking an Information Security Analyst to support the Centers for Disease Control and Prevention (CDC).

Job Summary

• Conduct independent reviews of draft of system documentation / artifacts such as: Baseline System Information, Host Worksheets, System Security Plan (SSP) (including detailed control descriptions), Business Continuity Plan (BCP), Authorization and other required documents.
• Maintain current system inventory in the CDC OCISO Trusted Agent system, updates and reports, as well as security authorization and change management tracking and compliance documentation.
• Input, edit, and maintain SA&A data and artifacts in the OCISO trusted agent system.
• Assist system stewards to document and mitigate identified security issues with the CPR applications/systems (including requirements for security authorization).
• Respond to customer requests for non-standard software (Commercial-Off-the-Shelf [COTS], Government-Off-the-Shelf [GOTS] and open source/freeware) by completing tests using Security Content Automation Protocol (SCAP)-compliant tools, and checking or known IT Security vulnerabilities.
• Scan incoming portable media, including external hard drives, CD’s, DVD’s, and flash drives for malicious software as directed by the ISSO, in accordance with CDC OCISO policy and guidance.
• Risk assessment, characterization, mitigation and tracking documents, including the Plans of Action & Milestones (“POA&M”)
• Assist Business Stewards with accurate and timely completion of Privacy Impact Assessments, or “PIA” (including requirements for security authorization.
• Assist Business Stewards completing and updating Social Security Number (SSN) Usage Exception requests as necessary for security authorization.
• Support development, use and update of System of Records Notice (SORN) for supported programs and systems.
• Assist individuals and programs in applying CDC OCISO privacy requirements to system design, Data Use Agreements (DUAs), data storage and transport, or other activities and documents not directly associated with PIA.

What you will do:

Perform change system change requests
Support security stewards in Annual Assessment and SA&A package preparation
Address all risk Findings
Work with Developers to remediate Vulnerability scan reports
Review ATO Packages
Conduct Risk Assessments
Work on Incident response tickets of missing devices
Conduct System decommissioning as needed.

DRT Strategies, Inc. (DRT) celebrates diversity and is proud to provide Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetics, disability, or protected veteran status. In addition to federal law requirements, DRT complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.

ApVqeRGqUN