Senior Security Analyst

Evolver Federal is looking for a Senior Security Analyst to join our team supporting our government client. This position requires on-site support 1 day/week (Tuesdays or Thursdays) at our federal client's HQ located in Camp Springs, MD.

The successful candidate will assist the client with ensuring all aspects of the Risk Management/ Continuous Monitoring Program is operating as intended and make process improvement recommendations to drive efficiencies within the organization. The individual will act as a liaison between various groups within the client organization including but not limited to the Information System Security Officers (ISSOs), Security Control Assessment Team (SCA), and System Development & Maintenance Team as well as other groups (Federal and contractor) within the Information Security Division.

Responsibilities

• Using automated tools, support the Federal client in overseeing the Risk Management/ Continuous Monitoring Program including but not limited to ISSO outreach on compliance-related items, tracking completion of assigned tasks, compiling relevant data to address data calls providing information to entities internal and external to the client's organization.
• Document SOPs and Playbooks to include processes, procedures, and references to security policies to maintain and mature the client's Continuous Monitoring/ Risk Management Programs.
• Identify areas ripe for process improvement, formulate and present recommendations and implement related solutions.
• Understand and incorporate lessons learned from internal and external audits​ across the enterprise's portfolio of IT systems by working closely with the client's Audit Team.
• Develop informal and formal training materials for the ISSO community to include but not limited to microlearning video scripts and storyboards.
• Review documentation submitted in support of requesting a waiver for compliance with specified security requirements per the NIST SP 800-53 and provide recommendations to client for approval and acceptance of associated risk.
• Coordinate with the SCA team on testing of common controls, the client's RMIC Group for A-123 and external assessments, as well as the schedule for testing applications due to major changes.
• Perform quality assurance reviews of security documentation​ as needed to ensure content meets the intended requirements and is suitable to determine the security posture and associated risk of an IT system.
• Participate in process improvement initiatives to mature the client's internal business processes in areas including, but not limited to, vulnerability remediation, patch remediation efforts, STIG compliance, and standard OS images.
• Develop and maintain documentation relating to internal security processes and procedures, including related training materials.
• Develop briefings and presentations for Government PM and Executive Management.
• Perform other duties as assigned by the Government.
• Ability to work efficiently and effectively in a dynamic and fast-paced environment.
• Determine the clearest and most logical way to present information and instructions for greatest reader comprehension and write and edit technical information accordingly.
• Meet with SMEs in order to ensure that specialized topics are appropriately addressed in any work products assigned including but not limited to documentation, collaborative working sessions and other formal and informal settings.

Basic Requirements

• Bachelor's Degree in Information Technology or related field.
• 7 years of experience evaluating IT systems using NIST SP 800-53 in the federal government.
• 5 years of experience using one or more of the following tools: tenable.io, Nexus IQ Server, Splunk Enterprise v 7.3 and higher, DoJ CSAM, JIRA/ Confluence, CloudCheckr, PrismaCloud
• 5 years of working knowledge of the NIST SP 800-37 Risk Management Framework.
• 5 years of experience with NIST SP 800-53 and direct experience applying the NIST SP 800-53 to document and evaluate IT system compliance with specified control requirements.
• 5 years of experience communicating complex technical concepts to Information System Security Officers (ISSOs), Information Technology Project Managers (ITPMs), Database Administrators (DBAs), Application Developers, and Security Compliance Analysts, as well as non-technical POCs such as Branch Chiefs and Business System Owners.
• 5 years of experience in an Analyst role that requires adapting to frequent changes in priorities, following project schedules, meeting established deadlines, and proactively communicate project status, risks, and issues to the Contractor PM and/or Federal Leads.
• 5 years of experience adapting to an Agile environment and providing quality, professional deliverables in a short timeframe with little to no guidance from the Government.
• 5 years of client-engagement experience.
• Must be a US Citizen with suitable eligibility for Public Trust position.

Preferred Requirements

• 10 years of experience evaluating IT systems using NIST SP 800-53 in the federal government.
• 10 years of experience using one or more of the following tools: tenable.io, Nexus IQ Server, Splunk Enterprise v 7.3 and higher, DoJ CSAM, JIRA/ Confluence, CloudCheckr, PrismaCloud
• 10 years of working knowledge of the NIST SP 800-37 Risk Management Framework.
• 10 years of experience with NIST SP 800-53 and direct experience applying the NIST SP 800-53 to document and evaluate IT system compliance with specified control requirements.
• 10 years of experience communicating complex technical concepts to Information System Security Officers (ISSOs), Information Technology Project Managers (ITPMs), Database Administrators (DBAs), Application Developers, and Security Compliance Analysts, as well as non-technical POCs such as Branch Chiefs and Business System Owners.
• 10 years of experience in an Analyst role that requires adapting to frequent changes in priorities, following project schedules, meeting established deadlines, and proactively communicate project status, risks, and issues to the Contractor PM and/or Federal Leads.
• 10 years of experience adapting to an Agile environment and providing quality, professional deliverables in a short timeframe with little to no guidance from the Government.
• 10 years of client-engagement experience.
• Previous experience supporting Department of Homeland Security federal clients preferred.
• Familiar with DHS processes relating to Cyber Hygiene scanning and remediation.
• Ability to work independently and possess a solid understanding of cyber security concepts.
• Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
• Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client.
• Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
• Possess strong analytical and critical thinking skills with the ability to apply them to the client/ contract workspace.

Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.