The main function of a Security Analyst is to be responsible for the definition and implementation of security requirements and standards for the security aspects of major projects.
Conduct internal investigations related to computer security, including computer forensics. Apply knowledge of security principles, theories, and concepts, as well as of the business/function and development life cycle.
Work closely with developers and evaluate business requests to determine feasibility.
Work with Software Engineers to define alternatives and recommend optimal solutions to meet security and regulatory requirements in the design of new/enhanced systems.
Ensure established security policies and standards are observed by consulting with business owners on projects.
Document and coordinate changes and enhancements of security standards and procedures, prepare and/or present documentation for business/technical presentations, provide technical support for the member(s)/business to ensure adherence to requirements, and document problem areas/coordinate resolutions. Investigate/research industry business/technical security processes.
Bachelor’s degree in a technical field such as computer science, computer engineering or related field required
8+ years of experience required
Proven experience in an Information Security practice
Knowledge of the security architecture of web-based networks and environments
Advanced knowledge of security protocols and standards, experience with software and security architectures
Experience in security design and technology assessment
Security design and implementation of web-based security architecture for secure on-line transactions
Strong verbal and written communication skills
Major Job Purpose:
Ensure compliance with government, industry, and internal IT policies, regulations, standards, and guidelines.
Provide leadership and subject matter expertise to drive effective compliance with FISMA, including migration from NIST 800-53 Rev 3 to Rev 4. Execute all processes necessary to maintain FISMA compliance, including SSP and POA&M maintenance, in a manner that is effective, efficient, and timely.
Demonstrated experience preparing C&A/A&A packages, performing NIST SP800-53 security control assessments, and performing ISCM in accordance with NIST SP800-137 is expected.
Experience working with Rsam’s GRC platform (not to be confused with CSAM) a plus.
Experience facilitating compliance with FISMA and NIST SP800 family of standards and guidelines is firmly required.
Experience with PCI-DSS, FBI-CJIS, SOC, SEC Section 31, ISO27000, SIG/AUP and technology-specific secure configuration guidelines (e.g. MS Windows, Linux) a plus.
Certifications: CISA, CISSP, CISM, PMP, and CTPRP are desirable.