TISTA Science and Technology Corporation is a service-disabled veteran-owned technology company dedicated to supporting various sectors through comprehensive service offerings such as cybersecurity, data science, application engineering, and health IT. The company focuses on delivering innovative solutions that secure and modernize mission-critical systems while also emphasizing community engagement and leadership development. TISTA actively invests in veteran communities and collaborates with educational institutions to provide scholarships and real-world experience to students, making a positive impact on the lives of those they serve.
Software and Database Development • Quality Assurance • Network and Critical Infrastructure Protection • Program Management • Engineering Support
March 11
• Work as part of cross-functional Agile and SDLC project teams or support individual products
• Conduct security authorization and assessment activities and tasks and obtain an Authorization to Operate (ATO) in line with NIST and client guidance and directives
• Determine the baseline IT security requirements for IT systems, diagram system authorization boundaries, and determine system categorization based on FIPS-199
• Manage vulnerabilities
• Conduct technology evaluations and system design reviews to assess the effectiveness of existing controls and provide meaningful recommendations
• Monitor progress, manage risk, keep key stakeholders informed about progress and expected outcomes, and propose and take corrective action as appropriate
• Assist in Federal Information Processing Standard (FIPS) categorization of applications/systems
• Participate in risk assessments, vulnerability scans and penetration testing of new and existing systems to identify, investigate and document security weaknesses
• Document and implement security controls using NIST standards
• Review and generate authorization and assessment system documentation as needed: Security Assessment Reports (SARs), Privacy Threshold Assessments (PTA), Privacy Impact Analysis (PIA), Disaster Recovery Plans (DRP), Information System Contingency Plans (ISCP), Incident Response Plans (IRP), Risk Assessment Reports (RARs), Standard Operating Procedures (SOPs) and Plans of Action and Milestones (POAMs)
• Create and maintain project content in the Governance, Risk, and Compliance (GRC) tool per client's guidance
• Identify and report detailed Plans of Action and Milestones (POAMs); manage and monitor for corrective actions
• Review and analyze system scan reports
• Provide guidance on security requirements for systems hosted in the cloud (including FedRAMP) versus on-premises
• Research and stay up to date on industry standards and any new vulnerabilities and risks
• Assess systems to analyze risk and report weakness findings
• Work with developers and DBAs in addressing findings
• Assess and review current technology infrastructure to identify key risk areas, and ensure adequate levels of controls are in place to address those risks
• Participate in and support internal and external compliance initiatives including audit requests, tabletop exercises, security training, and other tasks associated with improving the company's security posture
• 5+ years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field
• Recognized IT security certification, such as Security+ or Certified Information Systems Security Professional (CISSP)
• Proficiency with developing, maintaining and managing security authorization and assessment packages
• Experience with developing and managing POA&Ms
• Technical experience with conducting research and providing review recommendations on software and technologies for vulnerabilities
• Technical experience with reviewing vulnerability scans and providing mitigation techniques
• Experience in participating in SCAs
• Experience writing security-related policies and procedures and conducting audit log reviews
• Knowledge of and experience with Federal security regulations, standards, and processes including FISMA and NIST
• Experience with NIST Special Publications and guidance
• Strong problem-solving and analysis skills, self-motivated, and able to work and communicate in a team environment
• Experience with maintaining security packages in a Governance, Risk, and Compliance tool
• Strong written and oral communication skills
• DevSecOps experience a plus
• Enterprise Mission Assurance Support Service (eMASS) experience
• Above Industry Healthcare Benefits
• Remote Working Options
• Paid Time Off
• Training/Certification opportunities
• Healthcare Savings Account & Flexible Savings Account
• Paid Life Insurance
• Short-term & Long-term Disability
• 401K Match
• Tuition Reimbursement
• Employee Assistance Program
• Paid Holidays
• Military Leave
• Much more!