Lead Analyst - Info Sec jobs in United States

Maximus · 11 hours ago

Lead Analyst - Info Sec

Maximus is a company focused on providing services to federal customers, and they are seeking a Lead Analyst - Info Sec to manage security policies and compliance for DoD Cloud environments. The primary responsibilities include creating and managing System Security Plans, performing vulnerability assessments, and ensuring compliance with federal security requirements.

Business Process Automation (BPA) · Consulting · Education · Government · GovTech · Health Care · Information Technology
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Performs application vulnerability assessments to identify application vulnerabilities
Performs network vulnerability assessments to identify host vulnerabilities
Identifies, analyzes, and prioritizes vulnerability findings
Analyzes system configurations to identify possible security gaps and/or compliance violations
Establishes collaborative working relationships with internal resources to provide security assessments, reports, and recommendations
Performs other related duties as assigned
Create and manage the System Security Plan, and create and/or validate all associated artifacts required to obtain DISA IL5 certification as well as NIST 800-53 compliance, including but not limited to a System Level Continuous Monitoring (SLCM) Strategy, HW/SW lists, Information Flow Diagrams, System Categorization Forms, System Topologies, Configuration Management Plan, Configuration Control Board (CCB) Charter, System and Services Acquisition Plan, System and Information Integrity Plan, System and Communication Protection Plan, Security Assessment and Authorization Plan, Risk Assessment Plan, Program Management Plan, Security Planning, Physical and Environmental Protection Plan, Personnel Security Plan, Media Protection Plan, Identification and Authentication Plan, Contingency Plan, Audit and Accountability Plan, Security Awareness and Training Plan, Incident Response Plan, Access Control Plan, Risk Assessment Review (RAR) and Plan of Action and Milestone (POA&M)
Liaise with Maximus Federal business units, Maximus Corporate business units, and external stakeholders to ensure all legal and contractual requirements pertaining to cybersecurity, physical security, and Information Assurance are being met
Communicate federal requirements to Maximus Information Security Office (ISO) and advise implementation of applicable security controls and hardening standards to governance and technical teams
Assist the BISO and ISO Team in the identification and assignment of control owners throughout the organization and continually review controls on organizationally defined periodicities
Actively collaborate with Maximus Threat and Vulnerability Management (TVM) Team to ensure applicable technologies are compliant with defined remediation timelines and hardening standards via enterprise vulnerability management tools

Qualification

DISA IL5 Certification · NIST 800-53 · Vulnerability Management · Security Assessment · Security+ Certification · CISSP Certification · Dynamic Application Security Testing · GRC Tools Experience · OWASP Top 10 · Analytical Skills · Customer Service Abilities · Communication Skills · Interpersonal Skills · Problem-Solving Skills

Required

Bachelor's Degree
7-10 years of security or technology related experience
Knowledge of IPv4 network architecture and core services
Knowledge of web application development and architecture
Knowledge of network security controls
Knowledge of vulnerability management
Experience with dynamic application security testing (DAST) tools
Experience with vulnerability management (VM) tools
Familiarity with OWASP Top 10
Familiarity with WASC Threat Classification
Familiarity with CVE
Familiarity with NIST SP 800-53
Experience with automated service ticketing systems
Excellent analytical, decision-making, and problem-solving skills
Ability to communicate technical information in understandable business terms
Excellent interpersonal skills, presentation skills, and verbal / written communication skills
Strong customer service abilities required
Ability to work collaboratively with a broad range of staff
Skilled in Microsoft Office software including Word, Excel, Visio, MS Project, and PowerPoint
Ability to perform comfortably in a fast-paced, deadline-oriented work environment
Ability to execute many complex tasks simultaneously, and work as a team member as well as independently
Have DoD Secret clearance status or be eligible to obtain Secret clearance status
Strong understanding of federal and DoD requirements to include but not limited to applicable Executive Orders, FISMA, FIPS, CMMC, NIST 800-171, NIST 800-60, NIST 800-65, SCRM, FedRAMP, DODI 8500s, 8500.2s, and 8510s
Experience with GRC tools (eMASS, CFACTS, CSAM)
Experience developing SSPs and applicable artifacts required for A&A activities
Experience with STIG compliance
Experience with vulnerability management and assessment via Qualys and Tenable

Preferred

Professional certifications, such as Security+, CEH, or CISSP, desirable
DISA IL5 Certification Experience

Benefits

Health insurance coverage
Life and disability insurance
A retirement savings plan
Paid holidays
Paid time off

Company

Providing government technology services, digitally enabled customer experiences, and clinical health services that change lives.

Funding

Current Stage
Public Company
Total Funding
$7.93M
2010-12-09 · Post-IPO Equity · $7.93M

Leadership Team

Elisabeth Schmidt
Senior Vice President
Michael Mateer
Sr. Vice President, Enterprise Technology
Company data provided by crunchbase