Senior Information Sysems Security Analyst

Summit Technologies, Inc. is seeking a Senior Information Systems Security Analyst to support our government client. Senior Information Systems Security Analyst support IT management with control assessment, development, and maintenance, and risk assessment and response development.

This is a hybrid role based in Washington, DC. Candidates must be eligible for a Public Trust clearance.

Duties & Responsibilities :

• Develop and maintain IT security controls per NIST SP 800-53 and agency security standards.
• Support the Information System Security and Privacy Officer (ISSPO) with managing and documenting the agency’s security posture.
• Collect and validate control implementation statements from subject matter experts.
• Conduct risk assessments for security issues and propose resolutions.
• Communicate and document control deficiencies for POA&M consideration.
• Support Continuous Security Monitoring for compliance with agency security policy.
• Assist in developing security policies to ensure compliance.
• Conduct security reviews for changes impacting hardware, software, baselines, and connections.
• Review and assess POA&M outputs and recommend additional work or closure.
• Support IT Governance, Risk, and Compliance activities, including standards management.
• Provide information for status reports, briefings, schedules, and project plans (written and oral).
• Stay up-to-date on IT trends and security standards.
• Provide quality deliverables with minimal edits and provide feedback on federal security doctrine.

Skills & Experience :

• A solid understanding of IT security controls, tools, and concepts.
• Experience working with IT platforms such as Microsoft Office 365, Azure, Cisco, Oracle, etc.
• Understanding of OMB M-22-09 and EO 14028.
• Experience with NIST Risk Management and Cybersecurity Framework, FISMA, NIST 800-53, and IT control processes.
• Experience implementing security measures within information systems engineering projects.
• Understanding of web application security concepts, such as OWASP Top 10 vulnerabilities.
• Knowledge of cloud security principles and best practices, particularly for major cloud platforms like AWS, Azure, or Google Cloud.
• Familiarity with GRC frameworks / tools (Archer, eMASS, CSAM) and SA&A tools (Xacta).
• Knowledge of cyber-attack patterns, Tactics, Techniques, and Procedures.
• Ability to adapt security processes / tools to evolving landscapes and risk scenarios.
• Proficiency in network security principles, including firewalls, intrusion detection / prevention systems (IDS / IPS), VPNs, and secure network architectures.
• Strong understanding of operating systems (e.g., Windows, Linux / Unix) and their security features and vulnerabilities.
• Knowledge of encryption protocols and techniques, such as SSL / TLS, AES, RSA, etc.
• Familiarity with security assessment tools and techniques, including vulnerability scanning, penetration testing, and ethical hacking.
• Experience with security information and event management (SIEM) systems for log analysis and threat detection.
• Good interpersonal and communication skills (verbal and written).
• Experience producing high-quality deliverables with minimal edits, quick review, and feedback on federal security doctrine.
• Ability to document processes and explain complex policies in simple terms.
• Familiarity with latest IT trends and security standards.
• Excellent analytical thinking, and problem-solving skills.

Education & Certification :

• Bachelor’s degree and nine years relevant IT experience; Or
• Graduate degree and seven years relevant IT experience.
• Any of the following certifications (CISSP, CISM, CompTIA Security+).

Security Requirements :

All candidates must be eligible to obtain a Public Trust Clearance.

If you feel you are qualified and want to be considered for this position, please supply the following to : s9dw3k9srtpo4y6xrr7p37trjo@crelate.

net , and please put the job number 6664 ’ in the subject line :

• Updated resume including MM / YYYY for each employer.
• Best times / dates to interview (plus phone # you can best be contacted at).
• Availability to start once given formal offers.

Summit Technologies Inc. appreciates your interest. We will contact the best matching prospects and will consider you for future opportunities.

We will not submit your resume without your prior knowledge and consent. We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, disability or veteran status.