Job Description
DYOPATH, a leading Managed Service Provider (MSP), was founded to empower organizations by delivering trusted IT solutions. At DYOPATH, we pursue both purpose and success, knowing one will ultimately lead to the other. Our core values foster a culture that promotes accountability, excellence, exceptional customer service, and sustainability. Our team is passionate, fun, creative, and courageous in communications.
Position: Jr. Information Security Analyst I
Location: Remote
Status: W2 Full-Time with Benefits
Shift: Monday - Friday from 8:00am - 5:00pm (est), but also other business hours as needed for security.
Salary: $110k - $115k depending on experience
Must Haves:
- CISSP certification highly preferred
- Microsoft Certified Security Operations Analyst Associate
- U.S. Citizen able to obtain a security clearance (public trust level 5)
- Experience in a Federal Azure Cloud environment
- Familiar with the following security tools: Azure Sentinel, Azure Log Analytics, Microsoft Defender, SQL Databases.
- Individual will be required to obtain a Secret Security Clearance prior to starting position.
Summary:
Information Security Business Analyst with strong technical, analytical, interpersonal, and organization skills to provide security support for a government client located in Washington, DC for a wide variety of applications. Candidate should have the ability to:
- Ensure all applications are configured and maintained based on FISMA Standards.
- Complete Security Scans of the applications and deliver reports based on the scans. Update POAMs based on the scans and issues, resolve/implement and/or work with the IT team to address issues/vulnerabilities identified.
- Complete Annual Security Review – Coordinate, complete and deliver the annual security review. Test controls and complete updates as required based on the review. Deliver evidence and reports as required.
- Complete Annual Contingency Plan Test – Coordinate, complete and deliver the annual Contingency Plan Test.
- Maintain/update Security Documentation; respond to Security questions/issues.
- Prepare and deliver required FISMA Documentation, i.e., System Test Plan, Risk Assessment, Policies, Configuration Management Plan, Contingency Plan, etc. for recertification.
- Work with a 3rd party vendor designated by the client to complete scans of the applications, work with vendor to complete the System Test and Evaluation of the applications. This involves completing a review of the Security Controls and providing evidence that the control has been implemented on the applications.
- Review existing C&A paperwork, respond to questions on C&A paperwork submitted, resolve or make recommendations on how to address issues identified, and provide additional information/evidence as required. Update or create C&A documents as required based on client policies and FISMA requirements.
- Subject Matter Expert on Security policies and responsibilities – Respond to questions and/or provide guidance on security policies, issues or questions that are identified. Ensure that we are meeting security requirements as defined by client policies and FISMA/NIST standards.
- Review system changes and determine security impact and provide guidance and/or complete changes required to the existing paperwork or system as required.
- Ensure compliance with appropriate security standards and regulations.
- Implement/make recommendations to meet new security policies/requirements.
- Translate DoD, federal, state, and organizational compliance requirements into documented processes, procedures, guidelines, and standards.
- Conduct analysis of system designs, processes, and procedures to document the applicable security controls in accordance with National Institute of Standards and Technology (NIST) 800-53 guidelines and requirements.
- Exhibit strong writing and editing skills, as well as the ability to work closely with all business areas to develop new and existing documentation
- Aggregate, parse, rearrange, and revise current documentation according to security requirements, new standards, and formats; Review vendor documentation for relevant content to aid in development of processes, procedures, standards, and guidelines;
- Create new documentation for processes, procedures, training materials, user guides, web-based content, release notes, internal and external presentations, etc.
- Document and implement a continuous monitoring strategy based on FISMA requirements.
- Use Azure Sentinel, Log Analytics and Microsoft Defender to monitor Azure logs and identify risks in real time.
- Write Kusto Query Language (KQL) queries for Azure Log Analytics and Azure Sentinel
- Create and modify Azure Sentinel Workbooks, Hunting Queries, and Analytics Rules using KQL.
- Interpret web traffic data from cloud-based firewalls (e.g. CheckPoint Security Gateway, Azure App Gateway Web App Firewall) to identify risks and recommend configuration or rule changes.
- Work with a technical team to evaluate Microsoft Defender for Cloud configuration recommendations based on NIST 800-53 r5 blueprints and establish technical requirements.
- Familiar with Security policies and practices within the Federal Government cloud environment.
- Familiar with FedRAMP requirements.
- Familiar with security industry best practices and standards such as:
- SANs 18
- OMB M-21-31 Logging requirements
- Zero Trust in Azure
- DISA SITG requirements for Windows Virtual Machines
- Microsoft Purview for data governance
- TIC 3.0 Logging requirements
- Familiar with the following security tools: Azure Sentinel, Azure Log Analytics, Microsoft Defender, SQL Databases.
Qualifications:
Bachelor's Degree in Information Systems, Management Information Systems, or a related field; knowledgeable of operating systems, LANs, and WANs/MANs; demonstrated knowledge and experience with applicable security regulations and standards; applicable active security clearances and/or security certifications required. Four to six years of related experience. CISSP certification required.
- CISSP certification
- Microsoft Certified Security Operations Analyst Associate
- S. Citizen able to obtain a security clearance (public trust level 5)
- Experience in a Federal Azure Cloud environment
- Professional with Strong organization skills and ability to multi-task in a small business environment
- Ability to plan and coordinate with multiple stakeholders
- Ability to work well with others, as well as independently
- Attention to detail
- Ability to adapt and learn quickly
- Ability to perform in stressful situations and within tight time constraints
- Ability to communicate in an understandable, polite and friendly manner, both written and verbal.
- Ability to work occasional weekend/evening support
- Medical, Dental, Prescription, Vision, Life and Disability Insurance
- Flexible Spending Account (FSA) as well as Health Savings Account (HSA) – save money pre-tax for eligible medical expenses
- Employee Assistance Program and Comprehensive Wellness Program
- 401 (k) Retirement Savings Plan with company match
- PTO - Paid Holidays and Vacation Time – encouraging work-life balance
- Continuous Learning and Development Programs
- Employee Referral Programs
- Pet Insurance plans
- Bonus Incentive Programs
- Growth opportunities
Equal Opportunity Employer
DYOPATH is committed to a work environment free of all forms of discrimination. DYOPATH recruits and hires without regard to age, color, disability, gender, gender identity, genetic information, marital status, military status, national origin, race, religion, sexual orientation, veteran status, or any other legally protected characteristic. For more information about DYOPATH, please visit our website at www.dyopath.com.The above information has been designed to indicate the general nature and level of work performed by employees in this classification. It is not designed to contain or to be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of the employee assigned to this job.