Security Analyst

By Light Professional IT Services LLC readies warfighters and federal agencies with technology and systems engineered to connect, protect, and prepare individuals and teams for whatever comes next. Headquartered in McLean, VA, By Light supports defense, civilian, and commercial IT customers worldwide.

Responsibilities

• Utilize a GRC tool such as eMASS for risk management.
• Review and update security documentation and support vulnerability management.
• Respond to security incidents and provide detailed incident reports.
• Recommend security enhancements to management or senior IT staff.
• Stay current on latest intelligence in order to anticipate security breaches.
• Review system weakness and identify vulnerabilities in the system by conducting regular audits.
• Review and track Nessus, Database, and Fortify Scan findings.
• Be comfortable with audit, security, FISMA, ISO 27001, HIPAA, and HITECH requirements.
• Communicate complex and technical information to non-technical staff efficiently and clearly.
• The candidate will be responsible for conducting routine audits such as user access and permissions, matrix reporting for vulnerability remediation efforts, tracking Plan of Action and Milestones.
• NIST 800-37 Risk Management Framework and NIST SP 800-53 requirements analysis

Required Experience/Qualifications

• 6+ years of experience in managing security programs for a variety of IT products, systems and networks both small and large and complex.
• Ability to ensure that records are maintained, security updates are promulgated, and staff are properly briefed.
• Ability to identify and mitigate network vulnerabilities and explain how to avoid them.
• Experience with network architecture, topology, and protocols and familiarity with both operation systems and cloud platforms.
• Experience in coordinating with organizational security teams to ensure program consistency and compliance with all security requirements.
• Knowledge of organizational and agency level security requirements and ensures that systems and personnel comply with these standards.
• NIST 800-53 and Certification and Accreditation experience required.
• Must have comprehensive knowledge on the various levels of information security requirements.

Preferred Experience/Qualifications

• Veterans Affairs experience preferred.
• CISSP or similar certs preferred.
• Experience with ServiceNow Security Incident Response (SIR)
• Use of a GRC eMASS tool or similar

Special Requirements/Security Clearance

Candidate must be able to successfully complete a background check for Tier 4 (High) public trust

Physical Demands

An Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities