IT Systems Security Analyst

Job Description:

Upper Mohawk, Inc. a Native Owned Company, is looking to fill four (4) positions for a IT SYSTEMS SECURITY ANALYST.  The IT Security Systems Analyst position will be performing Certification and Accreditation tasks for a major Federal Government Agency, which will include: Work with Agency staff and management to categorize the information system and the information processed, stored, or transmitted by the system in accordance with FIPS pub 199, Security Categorization of Federal Information and Information Systems.  Produce documentation outlining the security objectives for information and information systems based on Confidentiality, Integrity, and Availability and the levels of potential impact (low, moderate or high).Develop risk assessments (RA) based on Department Guideline and NIST SP 800-30, Risk Management Guide for Information Technology Systems. Identify the boundaries for the system.  Contractor analyzes the threats to and vulnerabilities of information systems and the potential impact or magnitude of harm that the loss of confidentiality, integrity, or availability would have on Agency's operations an assets.  Prepare all associated documentation.Provide expertise in security planning and shall develop system security plans (SSP).  Contractor shall use DOI Guidelines, NIST SP 800-18, NIST 800-53, and NIST SP 800-26 (Rev 1) as appropriate in documenting the security requirements and security controls planned or in place for protection of information and information systems.  Prepare all associated documentation. Develop security test and evaluation (ST&E) plans based on DOI Guidelines and NIST SP 800-37 and NIST SP 800-53A. Implement Plan to test and evaluate key security controls to ensure that the controls are working properly and are effective (testing may include network scans, analysis of router and switch settings and penetration testing).  Prepare all associated documentation.Develop Plan of Action and Milestone (POA&M) Recommendations, using Department POA&M Guidance and Agency POA&M.Conduct gap analysis and evaluation of current C&A documents, provide IT Security Planning Consultation, and perform Quality Assurance functions. Develop Contingency Plans and Contingency Test Plans to restore and resume functions, operations, and resources in an emergency situation or following a disruption.Provide support for training in security related areas. Provide support in the development of security-related policies.

 

Job Qualifications/Requirements:

Resume must include minimum salary requirement and three references with phone numbers within the continental United States to be considered.

The successful candidates shall possess a minimum of three years experience in a majority of the areas listed below:Extensive knowledge in applying the suite of National Institute of Standards (NIST)and other Federal regulations pertinent to IT Security.Information Technology (IT) SecurityCertification and Accreditation Procedures and ProcessPhysical and Environmental Protection (infrastructure protecting the major applications and general support systems)System Development Life Cycle MethodologyActive directoryAnalysis, RISK managementDesign and conducting of routine test and examinations (network scans, penetration testing, analyses o fire wall, routers and switch settings)Development of systems security plansDevelopment of plans of actions and milestones for mediating vulnerabilitiesAbility to describe and interpret system and network boundariesConducting certification requirements reviewsPolicy developmentWorking successfully in a team environment

 

There is no relocation reimbursement offered.