Tantus Technologies, Inc. · 1 week ago
Senior Security System / Information Assurance Analyst
Tantus Technologies, Inc. is recognized as a Top Workplace and is seeking an experienced Senior System Security / Information Assurance Analyst to lead cybersecurity initiatives across complex IT environments. This role involves assessing, developing, and implementing security policies and controls to protect critical assets and ensure compliance with federal and industry standards.
Information Technology
Responsibilities
Assess, develop, and implement security policies and procedures to align with frameworks such as NIST RMF, FedRAMP, FISMA, ISO 27001, and DoD STIGs
Conduct security risk assessments and gap analyses to identify vulnerabilities in systems and networks
Ensure compliance with federal regulations, industry standards, and organizational security policies
Assist in the preparation of System Security Plans (SSPs), Security Control Assessments (SCAs), and Authority to Operate (ATO) packages
Perform Plan of Action & Milestones (POA&M) management, tracking remediation efforts for security findings
Monitor security logs, alerts, and events using SIEM tools (e.g., Splunk, ArcSight) to detect, investigate, and mitigate cyber threats
Respond to security incidents, vulnerabilities, and breaches, conducting forensic analysis and impact assessments
Develop and refine incident response plans (IRPs) and participate in cybersecurity exercises and drills
Configure and manage security controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security, and encryption solutions
Support the implementation of Zero Trust Architecture (ZTA) and Identity & Access Management (IAM) controls
Perform patch management and vulnerability remediation for IT assets, ensuring compliance with security benchmarks (DISA STIGs, CIS Benchmarks, SCAP)
Develop and maintain security documentation, policies, and procedures for system accreditation
Conduct security awareness training for employees and stakeholders
Support audit and certification processes, working with internal and external security assessors
Review secure software development lifecycle (SDLC) practices, ensuring applications meet security best practices
Assist in securing cloud-based environments (AWS, Azure, Google Cloud) through security controls like CASB, CSPM, and cloud encryption
Conduct security reviews for third-party applications and vendors to mitigate supply chain risks
Qualifications
Required
Bachelor's degree and six (6) years of relevant experience
The Bachelor's degree must be in Computer Science, Cybersecurity, Engineering, Information Systems, Mathematics, Technology, or another IT, engineering, math, and/or science field
Active Clearance Required: Public Trust
Citizenship Required: No
Writing scripts in Python, PowerShell, or Bash for security automation and log analysis
Automating security control enforcement using Ansible, Terraform, or cloud-native security tools
Securing cloud environments (AWS, Azure, Google Cloud) with Zero Trust, CASB, and cloud-native security controls
IAM, Privileged Access Management (PAM), and Role-Based Access Control (RBAC)
Knowledge of cyber threats, attack vectors, Advanced Persistent Threats (APTs), and malware analysis
Security Information and Event Management (SIEM) solutions like Splunk, ArcSight, or QRadar
Firewalls, IDS/IPS (Snort, Suricata), VPNs, and endpoint security solutions
Secure configurations based on CIS Benchmarks, DISA STIGs, and SCAP tools
Proficient in analysis activities and capable of applying theoretical body of knowledge, including the ability to apply a variety of standard and advanced analytical techniques and tools
Assessing risk impact and security control effectiveness in real-world scenarios
Making data-driven decisions to improve security posture while balancing operational requirements
Ability to analyze security threats, correlate logs, and identify vulnerabilities in systems and networks
Troubleshooting security issues across multi-layered architectures
Ability to make decisions in accordance with established policies, guidelines and standards
Working with cross-functional teams, executives, and auditors to implement security best practices
Training employees on security awareness and compliance programs
Staying updated with emerging threats, security technologies, and regulatory changes
Ability to quickly adapt security strategies to evolving IT environments and threats
Writing security reports, compliance documentation (SSPs, POA&Ms), and security policies
Communicating security risks effectively to both technical and non-technical stakeholders
Strong organizational skills with the ability to multi-task, manage time effectively, and handle tight deadlines
Highly responsive to requested needs
Extensive knowledge of business issues and processes as well as IT and Security resources and enabling technologies
Skilled in the use of advanced analysis, facilitation and consultative techniques and tools and the ability to apply them in multiple settings of significant complexity
Excellent oral and written communication skills including the ability to effectively consult with stakeholders on a diverse range of IT activities
Ability to work with confidential and proprietary information using utmost discretion
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified Authorization Professional (CAP), Security+, Information Technology (IT) certification, or equivalent certification
Personnel may obtain the required certification within a period not to exceed one (1) year, where applicable
Company
Tantus Technologies, Inc.
Tantus Tech is an IT consulting firm that supports mission-critical programs for federal agencies, specializing in PMO, Health IT, Financial Management, and Tech Solutions.
Funding
Current Stage: Growth Stage
Total Funding: unknown
2015-01-01: Seed
Company data provided by crunchbase