Information Security Analyst IV

We are seeking an experienced Information Security Analyst IV to provide security support services while ensuring compliance with security control requirements across a diverse systems portfolio. The role involves continuous monitoring of cybersecurity posture to protect against threats, facilitating the implementation and usage of security tools, and ensuring successful program Authorization to Operate (ATO). The analyst will coordinate communication and visualization of security issues, working with product teams, information owners, engineering, and infrastructure staff to ensure effective remediation. Additionally, the analyst will respond to security-related inquiries, maintain security documentation, and provide expertise throughout the system development lifecycle.

Responsibilities:

  • Collaborate with Product Owners, ISSOs, and engineering staff to implement security policies, standards, and procedures.
  • Analyze and respond to new or updated security requirements, providing clear and accurate guidance to stakeholders.
  • Review and update ATO artifacts, including System Security Plans, Contingency Plans, Configuration and Change Management Plans, Incident Response Plans, and Privacy Impact Analyses.
  • Interpret security risk assessments, review scan results, assess vulnerabilities, and develop remediation plans via POA&Ms.
  • Develop implementation and design documentation for security features.
  • Document remediation plans for vulnerabilities and compliance issues with engineering and infrastructure personnel.
  • Communicate agency security requirements to non-security personnel.
  • Support continuous monitoring and ATO efforts with product teams, ISSOs, and other stakeholders.
  • Conduct vulnerability assessments and monitor systems, networks, databases, and web-based assets for breaches.
  • Respond to alerts, investigate, and resolve higher-level security incidents.
  • Manage security tool outages, tune security rules and alerts, and maintain dashboards and reports.
  • Research security trends and new attack vectors to preempt breaches.
  • Educate users and new employees on security requirements and procedures.
  • Recommend risk mitigation process improvements.
  • Apply iterative security automation to enhance overall security posture.
  • Review audit logs in Splunk, present findings to ISSOs, and plan investigation or remediation activities.
  • Conduct periodic user and privileged access reviews.

Requirements:

Required Qualifications:

  • Minimum of 7 years of relevant experience.
  • Bachelor’s degree in Computer Science, Information Systems, Engineering, Business, or related field. (Six years of IT experience and four years of specialized experience can substitute for the degree.)
  • Familiarity with Agile methodologies.
  • Knowledge of AWS security tools and their functions.
  • Experience in defining and documenting change management processes.
  • Understanding of hardening standards (DISA STIG, CIS).
  • Knowledge of NIST Risk Management Framework and NIST 800-53 rev5.
  • Experience with CI/CD, DevSecOps, and security decision gates.
  • Understanding of SAST, DAST, IAST, and OAST tools within CI/CD.
  • Knowledge of business security practices, current security tools, communication protocols, and encryption techniques.
  • Experience managing systems in AWS cloud environments and using AWS tools and services.
  • Experience designing security into cloud architectures, applications, data processing, AI/ML, and CI/CD pipelines.
  • Proven experience in computer networking, cryptography, security engineering, vulnerability assessments, and operating systems.
  • Broad experience with cloud services, Linux systems, GitHub, GitHub Actions, and security tools.
  • Ability to assess vulnerabilities and provide recommendations.
  • Strong analytical, problem-solving, and critical-thinking skills.
  • Excellent organizational and time-management skills in a fast-paced environment.
  • Strong customer service skills and ability to deal confidently and ethically with customers.
  • Experience with government agency security assessment processes.
  • Experience with Atlassian Jira and Confluence.
  • Ability to obtain and maintain a Public Trust and reside in the United States.

Desired Qualifications:

  • Experience with federal government contracting.
  • Preferred certifications such as CISSP, CEH, GIAC.
  • Experience with SIEM systems (e.g., Splunk).