IT Security Analyst
- Steneral
44 Days Ago
NA
NA
Richmond-VA
8-12 Years
Required Skills: NIST 800-53 rev 5, Criminal Justice Information System specifications, Python, Java, JavaScript, C++, C#, SQL, HTML, IT security or risk assessment certifications CSS, COBOL,
Job Description
Job Title - IT Security Analyst
Type - Hybrid
Location - Richmond, VA
Need candidate within 70 miles only
Must ask candidate to send local DL copy
Description -
• Analyze the security impact of application, configuration, and infrastructure changes as part of the change management lifecycle to ensure compliance with the security standard.
• Assess the configurations of applications, servers, and network devices for compliance with the security standard.
• Analyze and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
• Assess and document the security impact and risks of newly discovered vulnerabilities in the environment.
• Coordinate resolution of application and infrastructure security vulnerabilities with System Owners, IT, and vendors. Track resolution of vulnerabilities and provide regular updates to management.
• Coordinate resolution of endpoint security vulnerabilities with users and provide regular updates to management.
o Respond to, and investigate, security incidents and provide thorough post-event analyses.
o Perform internal application penetration testing, document findings, and recommend improvements to improve the organization’s security posture.
o Complete annual password security audits and coordinate completion of agency-wide user access audits in compliance with the security standard.
• Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately.
o Create and maintain desk procedures and process documentation for all responsibilities.
Skills & Experience:
• 5 years of experience with NIST 800-53 rev 5 and/or Criminal Justice Information System (CJIS) specifications for an information security management system.
• 5 years of experience with software development lifecycle, vulnerability management processes, role-based authentication methodologies, etc.
• 5 years of experience with programming languages such as Python, Java, JavaScript, C++, C#, SQL, HTML, CSS, and/or COBOL.
• 5 years of experience in using automated vulnerability scanners like Nessus, Qualys, Retina, and/or Tenable.
• 5 years of experience with web application security testing tools like Burp Suite, Fortify, and/or AppScan.
• 5 years of experience with basic scripting skills (e.g. WDL, VBScript, JavaScript, PowerShell, Python) for automation
• 5 years of experience with IT security or risk assessment certifications are advantageous (CISM, CCSP, CISSP, CEH, CompTIA Pentest+ and/or CompTIA Security+
