The PII/PHI and Backup Data Encryption Senior Security Analyst position requires in-depth knowledge of and experience with FIPS 140-2 and NIST 800, focused on backup data encryption. The position is responsible for understanding, reviewing, and interpreting FISMA risk assessment results to reduce technical risks. The position is also responsible for understanding threats, vulnerabilities, and basic risk discovery, and for reporting security-related activities.
Duties and responsibilities will include, but are not limited to:
• This position may require a minimum of 25% travel (INCONUS).
• Review backup data encryption (BDE) security controls to mitigate FISMA findings at the facility level
• Conduct analysis and aggregation of Security Control and POA&M evidence from various sources
• Maintain knowledge of current BDE security trends and clearly communicate them to the client
• Analyze encryption assessment data to identify technical risks to the organization
• Support the identification and impact classification for new vulnerabilities identified in the client's environment
• Assist client in identification and reduction of BDE findings at a facility and enterprise level.
• Assess the cybersecurity risk of IT systems, documenting them in formal risk assessments and supporting artifacts associated with the Assessment & Authorization (A&A) process
• Organize, develop, and present briefings, written summaries, and written reports incorporating narrative, tabular and/or graphic elements
• Apply knowledge of security principles, policy and regulations to daily tasking
• Has experience with cybersecurity document management and is familiar with security and privacy rules.
• Research policies, procedures, standards, and guidance, and recommend needed changes under specific conditions for the protection of information and information systems
• Master's degree in computer science, electronics engineering or other engineering or technical discipline is required with 5 years of experience (10 years of additional relevant experience may be substituted for education for a total of 15 years of experience)
• Experience with cybersecurity policy.
• Must be well versed in cybersecurity tools, network topologies, intrusion detection and secured networks.
• Must have familiarity and experience in the implementation of cybersecurity regulations.
• Experience with or exposure to NIST-800 requirements.
• Experience with or exposure to FIPS 140-2 requirements.
• Experience with or exposure to VA 6500 requirements is a plus.
• Must be a team player.
• Must be willing to take on other tasks as assigned
• Proven experience executing assessment activities using RMF.
• Experience related to application security, code security, vulnerability and risk assessments, security policy development and review, general IT and security controls development, compliance readiness (i.e. NIST 800 Series, DIACAP, FISMA, FIPS) and technical security architecture/design/development/implementation.
• Experience performing vulnerability assessments and information security control audits
• Familiarity with enforcing security policies and recommending revisions to policies to ensure proper IT security.
• Good understanding of security awareness training for users and IT personnel and of business continuity plans and processes.
• Very good written and verbal communication skills
• Experience with network and application security testing tools
• CISSP, CISA, GIAC, and Security+ certification is a strong plus.
$70K - $77.5K