Description
Synergy Business Innovation & Solutions is a premier implementer of cutting-edge software solutions. Synergy brings the experience and expertise necessary to deliver capability that provides tangible ROI to our customers. Synergy's core areas of expertise are in the fields of Digital Transformation, Cloud Solutions, SaaS and Low-Code / No-Code solutions, Emerging Technologies, Data analytics and Visualization, Information Assurance, and Business Process Re-Engineering.
Synergy offers its employees a generous portfolio of core and voluntary benefits including : group medical, dental, and vision insurance, company paid life, short-term, and long-term disability insurance; HSA, FSA; 401(k) with immediately vested company match; PTO / Sick Leave, 11 paid federal holidays, parental leave; tuition and training reimbursement; a referral bonus program; and life management programs.
At Synergy, you'll be challenged and given the opportunity to grow in your career path. In fact, growth is such a big deal to us that you will have dedicated career coaches available for every employee, company-funded certification opportunities, education reimbursement, and a general open-door policy so that you have support when you need it. Our team is eager to learn, fast-paced, and quality-driven. If that sounds like you, Synergy has a position for you!
Description :
- We are seeking a mid-level Security Analyst. The candidate will work for the engineering division that supports developing and managing a suite of enterprise services and applications. As a member of the DevSecOps team, the candidate will focus on integrating security requirements with automated testing, code integration, and deployment processes and procedures. The candidate will work closely with our Development, DevOps, Support, and administrative teams in an agile environment to maintain the security posture of systems in compliance with federal government standards.
Essential Functions & Duties :
- Execution of Risk Management Framework
- Perform Security Impact Assessment for all application and environment updates.
- Coordinate between multiple teams to ensure user stories have accurate and specific acceptance criteria that support compliance and control requirements.
- Develop an in-depth understanding of customer requirements to quantify security and application risks, and perform impact assessments
- Identification, authoring, and monitoring of necessary controls to achieve and maintain compliance
- Oversight, expertise, technical security strategy, standards, and best practices for security categorizations (low, moderate and high).
- Reviews, testing and implementation of security requirements within project plan timelines.
- Research and tracking of security standards, policies, and procedures.
- Support for multiple project assignments with strong and effective communication, time management and collaboration skills.

Skills, Qualifications and Certifications of Best Candidates :
- Documented experience executing Risk Management Framework (RMF, NIST-800-53)
- Control identification, definition, implementation, and monitoring
- Experience with agile software development
- General knowledge of security best practices and compliance requirements
- Excellent organizational and communication skills are mandatory for various stakeholder audiences
- Experience collaboratively establishing secure configuration baselines for technologies
- Knowledge or experience with conducting Assessment and Authorization (A&A) and Continuous Monitoring following NIST guidelines
- Knowledge or experience developing security documentation and conducting reviews for A&A packages
- Review and verify policies and procedures are developed in line with all applicable federal and LOC security standards and regulations
- Maintain, track, and communicate detailed project tasks
- Develop and update security documentation including but not limited to :
- Determine baseline IT security requirements in accordance with FIPS 199
- Identify and visually demonstrate system boundaries, select security controls, and ensure implemented controls are adequate for COTS or proprietary web applications.
- Provide recommendations as necessary to meet or improve controls
- Ensure security policies are developed, maintained and updated to meet IT security best business practices and standards, including Federal Info Security Management Act (FISMA), and National Institute of Standards and Technology (NIST) 800-53 - FIPS federal info processing standard
- Be able to review security scans, advise on triaging vulnerabilities, and be able to provide recommendations on mitigating security risks
- Assist with testing and training functional teams, and advise them on providing security implementation evidence as necessary
- Assists with documenting and managing artifacts in Atlassian Suite (JIRA, Confluence) and CSAM security repositories, including but not limited to writing implementation statements
- Assists Information Systems Security Managers (ISSMs) in generating ATO packages
- Conduct continuous monitoring and reporting of security control implementations
- Must evaluate business strategies and requirements to develop security strategies, assess risk, research standards, and determine security requirements as necessary
- Experience with security tools such as Splunk, Nessus, SonarQube, SIEMs and Static Code Analyzers
- Other duties as assigned

Preferred Qualifications :
- 7+ years' experience in an enterprise security role preferred
- Experience in DevSecOps
- Familiarity with FISCAM Audit Process and FIAR Compliance
- Proficient in the Atlassian suite of agile tools : Confluence and Jira
- Working with BPM (Business Process Management) application
- Working with API services
- Experience with security tools such as STIG Viewer and Nessus vulnerability scanner
- Experience with Java and other programming languages
- Experience with Federal Government systems
- Federal Government Secret Clearance

Citizenship or Work Authorization Required :
- US citizen
- Ability to obtain and maintain Federal Government Secret Clearance
- Must pass a background investigation.

Required Education & Experience :
- Bachelor's degree in Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or an Engineering degree from an accredited institution.
- A required certification may be accepted in lieu of education requirement.
- The U.S. Department of Education Database of Accredited Postsecondary Institutions and Programs located at identifies accredited postsecondary institutions and programs that are within the U.S. and its territories.

Required Certification :
In accordance with DOD Cyber Workforce Qualifications Matrices Management, Security+ is required for candidates that do not possess a Bachelor's degree in Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in Engineering from an accredited institution. The U.S. Department of Education Database of Accredited Postsecondary Institutions and Programs located at identifies accredited postsecondary institutions and programs that are within the U.S. and its territories. Certification must be obtained within six (6) months of hire.

Compensation for roles at Synergy varies depending on a wide variety of factors including but not limited to the requirements of the role; education and certifications; knowledge, training, skills and abilities; level of experience; geographic location; and alignment with market data, law, and other business and organizational needs. As required by local law, the posted pay range represents the lowest to the highest pay that Synergy believes in good faith it might pay for this particular job, depending on the circumstances. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. It is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case.
A reasonable estimate of the current pay range is : $70,000.00 - $95,000.00.
Essential Job Function Physical Requirements : The physical requirements of this position are critical in evaluating the qualifications and abilities of an applicant or employee. The physical efforts needed to perform the essential duties of this job 90% of the time are repetitive motions, grasping, holding, and finger dexterity of the hands, reading, writing, eye-hand coordination, color distinction, and full visual abilities, hearing, talking, sitting, and use of IT equipment, phones, and office machines.
To a reduced degree,
Synergy is an equal opportunity employer, and does not discriminate against applicants for employment or its employees on the basis of age, race (including hair texture / style), creed, color, religion, religious creed, ancestry, national origin, ethnic origin, sexual orientation, gender identity or expression, military or veteran status, sex, medical condition, pregnancy (childbirth, breastfeeding, and related medical conditions), physical or mental disability, personal appearance, organ donation and hair length associated with race, genetic information or characteristics, family responsibilities, familial status, marital status, citizenship or immigration status, status as a victim of domestic violence, a sexual offense, or stalking, political affiliation, arrest records and criminal convictions, credit information, matriculation, homeless status, or any other characteristic protected by federal, state and local law. Discrimination or harassment based upon these protected categories is expressly prohibited. This policy applies to all aspects of employment, including job selection, assignment, promotion, compensation, benefits, training, discipline and termination.