Sr. Information Security Analyst (Remote)

Centreville, VA 20121 (Work Remotely)

Job Code: R118722

Minimum Clearance Required to Start:

Not Applicable/None

Job Description:

Your talent for collaboration sparks new ideas

You enjoy putting your head together with colleagues to build on ideas. Your collaborative spirit encourages others to feel that they're being heard and acknowledged. You participate fully in analyzing possible scenarios and considering different solutions. Your acceptance of new perspectives cultivates relationships in an environment of respect. We invite you to apply.

Summary:

The focus for the Senior Information Security Analyst covers information security, information assurance, and compliance design, integration, implementation, modification, and coordination of the installation, testing, operation, and disposition of hardware and software systems. Functions may include conducting analyses, developing functional and technical requirements and specifications, documentation, monitoring the availability, serviceability, and recoverability of installed technology security systems, implementing information security procedures and tools, maintaining systems configuration, managing the installation and integration of system patches, updates, and enhancements, and ensuring the rigorous application of information security/information assurance policies, principles, and practices.

SPECIFIC RESPONSIBILITIES:

  • The Senior Information Security Analyst proactively evaluates the system and network enterprise environments and uses technical knowledge and analytical skill to determine the optimum mix of technology, policy, procedures and education to implement effective information security programs and strategies.

  • The Senior Information Security Analyst determines security controls, configurations, procedures, and policies based on industry standards, best practices, federal and state regulations, and contractual requirements.

  • The Senior Information Security Analyst establishes and manages program control processes and compliance assessments to determine deviations from acceptable configurations, policy, or standards, and provides expertise in compliance requirements for internal and external reviews of requirements.

  • The Senior Information Security Analyst assists with the identification and mitigation of risk posed to the confidentiality, integrity, and availability of information systems.

  • The Senior Information Security Analyst fully masters and explains to others the information security requirements for legal and regulatory compliance including DFARS 48 CFR § 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) and 252.204-7021 (Cybersecurity Maturity Model Certification Requirements), NIST SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations), HIPAA (Health Insurance Portability and Accountability Act), ISO 27001 (Information Security Management System), and other federal regulations and statutes.

  • Performs continuous monitoring of systems, with responsibility for monitoring and tracking system vulnerabilities and compliance issues.

  • Generates Plans of Action & Milestones (POA&M) to track the mitigation of vulnerabilities and compliance issues.

  • Responds to data calls and scan requests, and handles weekly and monthly reporting.

  • Generates security artifacts such as System Security Plans, Security Control Traceability Matrices, Configuration Plans and Self-Assessment Test Plans.

  • Develops techniques and procedures for conducting information security risk assessments and compliance audits, and for the evaluation and testing of hardware, firmware and software for possible impact on system security.

  • Conducts technical and policy-based information security risk reviews of third-party vendors.

  • Reviews RFPs to ensure information security requirements are fully and correctly stated.

  • Monitors and follows up to ensure that appropriate mitigation and remediation actions have been taken on risk-assessment findings.

  • Gathers, creates and presents information security metrics to middle, senior and executive management levels using appropriate visualization techniques.

  • Reviews Change Requests for security impacts and technical documentation from a security perspective.

  • Participates in Agile Planning Events to provide technical input in addition to risk assessments for software, systems and services, etc.

Have the support that frees you to excel

In a workplace where people from diverse backgrounds willingly offer help when it's needed... where you feel included, recognized, and supported by management ... where your efforts are encouraged and your accomplishments rewarded... you're certain to do your best work. Come get and give the support that counts.

QUALIFICATIONS:

  • 5+ years of experience as a security professional and developing security policies.

  • 5+ years of experience working in a Microsoft environment.

  • Experience with cloud security systems, processes and tools (e.g., CloudWatch).

  • Knowledge and experience with Cloud Computing relating to Microsoft Azure and/or AWS architectures.

  • Strong understanding of policy, compliance, and best practice security principles.

  • Previous experience with vulnerability assessments and testing.

  • Excellent written and communication skills.

  • Strong work ethic, demonstrated self-starter, ability to work in a team-oriented environment.

  • Strong organizational skills.

CERTIFICATIONS:

One of the following is preferred: CySA+, Security+, Certified in Risk and Information Systems Control (CRISC), ISO27001 Certified ISMS Lead Implementer, ISO27001 Certified ISMS Lead Auditor.

Tell us where you're going. We'll help you plot the route!

Let us be your 'tour guide' on your path to even greater success. We'll work with you to structure your goals, set up timelines, and pair you with mentors to accelerate your achievements. We might even discover talents that you didn't know you have and help you develop them. We are enthusiastic advocates of diversity, appreciative of the talents and perspectives every person contributes. Let us include you on our structured career path to success.

SKILLS/COMPETENCIES:

  • US Citizenship required.

  • Strong analytical and problem-solving skills with ability to accurately evaluate current security procedures and develop plans for remedying any identified areas of weakness.

  • Relationship skills and collaborative style to enable success across multiple partners.

  • Documentation, planning, negotiation, work prioritization and organizational skills.

  • Basic knowledge of network technologies (MPLS, VPN, Wireless), boundary protection and Cloud extensions (Intrusion Detection System, Intrusion Prevention System, Firewalls, Proxies, Email Gateways, etc.), device and user authentication (digital signatures, multi-factor authentication technologies), cryptography, and security control compliance assessment to various industry standards.

  • Exposure to cloud security, mobility security, and virtualization/containerization strategies is desirable.

  • Familiarity with governance, risk and compliance (GRC) and Integrated Risk Management (IRM) platforms is desirable.

  • Understanding of NIST SP 800-171, 800-53, FedRAMP and related special publications and impacts on a commercial organization. Familiarity with ISO 27000-series, ISO 27001/27002, SOX, or other information security control frameworks.

  • Written, verbal and presentation communication skills and the ability to thrive in a dynamic environment handling multiple priorities.

  • Ability to receive constructive feedback and apply it.

Parsons (NYSE: PSN) is a leading technology firm driving the future of defense, intelligence, and critical infrastructure. By combining unique technologies with deep domain expertise across cybersecurity, missile defense, space, connected infrastructure, and smart cities, we're providing tomorrow's solutions today. With a history of disruption beginning in 1944, we apply our distinct perspective to help our customers confront the issues of tomorrow in every domain: land, sea, air, space, and cyber. Our range of capabilities and our global network of resources lets us layer and integrate solutions to respond to any challenge with unmatched agility. In a time of rapid change, we see infinite sources of inspiration to fuel our creativity and enable the innovation necessary to accomplish our quest of delivering a better world. For more about Parsons, visit us at parsons.com and follow our quest on Facebook, Instagram, Twitter, and LinkedIn.

The anticipated annualized full time target compensation (median) for this position is: $110,000.00.

Benefits for this position include: medical, dental, vision, paid time off, Employee Stock Ownership Plan (ESOP) and 401K.

Posted: 2021-06-04 Expires: 2021-07-05