90 applicants

Company

Maximus · 12 hours ago

Sr Analyst - Info Sec (Remote)

United States

Full-time

Remote

Senior Level

$88K/yr - $119K/yr

5+ years exp

Maximize your interview chances

Business Process Automation (BPA)Consulting

No H1B

U.S. Citizen Only

Insider Connection @Maximus

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Perform complex risk analyses and risk assessment.

Establish and satisfy Information Assurance (IA) and security requirements based upon the analysis of user, policy, regulatory, and resource demands.

Support customers in the development and implementation of doctrine and policies.

Advise information system owners on client/project security policies and requirements for systems.

Keep abreast of emerging security technologies and make appropriate recommendations regarding the enhancement of the security posture of systems and their implementation.

Create and manage System Security Plan and creation and or validation of all associated artifacts required to obtain DISA IL5 certification as well as NIST 800-53 compliance to include but not limited to a System Level Continuous Monitoring (SLCM) Strategy, HW/SW lists, Information Flow Diagrams, System Categorization Forms, System Topologies, Configuration Management Plan, Configuration Control Board (CCB) Charter, System and Services Acquisition Plan, System and Information Integrity Plan, System and Communication Protection Plan, Security Assessment and Authorization Plan, Risk Assessment Plan, Program Management Plan, Security Planning, Physical and Environmental Protection Plan, Personnel Security Plan, Media Protection Plan, Identification and Authentication Plan, Contingency Plan, Audit and Accountability Plan, Security Awareness and Training Plan, Incident Response Plan, Access Control Plan, Risk Assessment Review (RAR) and Plan of Action and Milestone (POA&M.)

Liaison with Maximus Federal business units, Maximus Corporate business units, and external stakeholders to ensure all legal and contractual requirements pertaining to cybersecurity, physical security, and Information Assurance are being met.

Communicate federal requirements to Maximus Information Security Office (ISO) and advise implementation of applicable security controls and hardening standards to governance and technical teams.

Assist the BISO and ISO Team in the identification and assignment of control owners throughout the organization and continually review controls on organizationally defined periodicities.

Actively collaborate with Maximus Threat and Vulnerability Management (TVM) Team to ensure applicable technologies are compliant with defined vulnerability remediation timelines and hardening standards via enterprise vulnerability management tools.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

DISA IL5 Certification ExperienceNIST 800-53 ComplianceSecurity AssessmentAuthorizationGRC Tools eMASSGRC Tools CFACTSGRC Tools CSAMVulnerability Management QualysVulnerability Management TenableSSP DevelopmentSTIG ComplianceDegree in Computer Science5+ Years Security ExperienceFISMA ComplianceCMMC KnowledgeNIST 800-171 KnowledgeNIST 800-60 KnowledgeNIST 800-65 KnowledgeSCRM KnowledgeFedRAMP KnowledgeDODI 8500s KnowledgeDODI 8500.2s KnowledgeDODI 8510s KnowledgeMicrosoft Office Proficiency

Required

Candidates must be a US Citizen

Bachelor's Degree in related field.

5-7 years of relevant professional experience required.

Equivalent combination of education and experience considered in lieu of degree.

Bachelor’s Degree in Computer Science or related field or the equivalent combination of education, training, or work experience.

5+ of security or technology related experience.

DISA IL5 Certification Experience

Strong understanding of federal and DoD requirements to include but not limited to applicable Executive Orders, FISMA, FIPS, CMMC, NIST 800-171, NIST 800-53, NIST 800-60, NIST 800-65, SCRM, FedRAMP, DODI 8500s, 8500.2s, and 8510s.

Experience with GRC tools (eMASS, CFACTS, CSAM).

Experience developing SSP’s and applicable artifacts required for A&A activities.

Experience with STIG compliance.

Experience with vulnerability management and assessment via Qualys and Tenable.

Works on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors.

Exercises judgement in selecting methods, techniques, and evaluation criteria for obtaining results.

Networks with key contacts outside own area of expertise.

Develops solutions to a variety of complex problems.

Work requires considerable judgment and initiative.

Ability to communicate technical information in understandable business terms.

Excellent interpersonal skills, presentation skills, and verbal / written communication skills.

Strong customer service abilities required.