Security Analyst I - Compliance

• At least 3+ years of progressive experience in computing and information security, including experience with Internet technology and security issues.
• Experience should include security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing.
• Knowledge of federal information security standards, rules and regulations related to information security and data confidentiality and desktop, server, application, database, network security principles for risk identification and analysis.
• Performs assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy.
• This is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments.
• Establishes strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems. Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits.
• Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
• Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.
• Complete all associated Assessment and Authorization activities, which includes all Risk Management Framework (RMF) Body Of Evidence (BOE) documentation: System Security Plan (SSP), Security Controls Traceability Matrix (SCTM), Control Family Security Operating Plans (SOPs), Continuous Monitoring (ConMon) Plan, and Plan of Actions and Milestones (POA&M).
• Strong analytical and problem-solving skills. Excellent communication (oral, written, presentation), interpersonal and consultative skills.
• CISSP security certification desired.

LS3 was founded/incorporated in 2001. We are a minority, women-owned small disadvantaged business (SDB). We became SBA 8(a)/SDB certified in 2005, LS3 was one of the first firms ever to receive a GSA Certificate of Services Approval as an HSPD-12 Systems Integrator, which is a core competency required for success in any ICAM initiative. Since obtaining this qualification, LS3 has maintained a consistent presence in supporting both ICAM and HSPD-12 Programs and expanded our robust corporate capability within our HSPD-12 Qualification Category. LS3 is listed within the GSA Schedule 70, Special Item Number (SIN), 132-62 for HSPD-12 Product and Services Components, and SIN 132-60F as an Identity and Access Management Professional Services entity, both of which are important designations and capabilities for USDA to consider as part of any ICAM support and services. LS3’s System Integration capabilities fully address any integration and support needs for Logical Access Control System (LACS) and Physical Access Control System (PACS) environments and applications. LS3 offers a challenging and fast-paced environment, outstanding benefits, competitive salary, training, and potential for advancement. An Equal Opportunity Employer