Cloud Information Secuirty Analyst (CISA)

Job Description:

We are looking for a Cloud Information Security Analyst (CISA) responsible for taking the lead on implementing security tools, security tool usage, ensuring tools remain compliant and configured properly, setting program policy all the while ensuring a successful program ATO. Our ideal candidate is passionate about being part of a “change”, and working in a dynamic and highly collaborative environment. The CISA provides oversight security posture for corporate systems that support Federal programs. He/She will be responsible for monitoring, evaluating, and maintaining systems and procedures to safeguard internal information systems, networks, databases, and Web-based assets. 

Basic Requirements:

• US citizen or must be authorized to work in the United States
• Must have lived in the USA for three years of the last five years
• Must be able to obtain a US federal gov badge and eligible for Public Trust clearance
• Must be able to pass a background check, including a drug test 

Addtional Qualifications:

• Bachelor's or Master's degree in Computer Science, Engineering, Information Technology, or a related discipline
• Minimum of 6 years related experience in Information Technology including 4 years in Information Security space.
• Experience in cloud environments such as AWS Commercial and GovCloud. Hands on experience with AWS monitoring and logging services.
• Preferable experience with Salesforce or similar product platforms
• Demonstrated work experience with the following: computer networking, cryptography, security engineering and architecture, vulnerability assessments, or operating systems required
• Strong background in certification and accreditation process of information systems and ability to write, review and coordinate system security plans
• Possesses a working knowledge of several of the following areas is required: understanding of business security practices and procedures; knowledge of current security tools available; hardware/software security implementation; different communication protocols; encryption techniques/tools; familiarity with commercial products; and current Internet technology
• Demonstrated working knowledge of vulnerability assessment and penetration testing tools
• Understands how to assess vulnerabilities and provide recommendations regardless of first-hand knowledge of the application or system
• Experience with Government Agency Security Assessment Process in support of maintaining and/or establishing an ATO and the appropriate boundary.
• Experience with, understanding of and adherence to guidelines such as FISMA, NIST, HIPPA, and IRS Pub-1075
• Experience and understanding of tools and platforms such as AWS, Snyk, GitHub, JIRA, Confluence is preferred. 

Responsibilities: 

• Provides support for a program, organization, system, or enclave’s information assurance program
• Provides support for maintaining security services within the AWS environment. Maintain security workloads running on AWS containers.
• Maintain security information on JIRA/Confluence and participate in agile DevSecOps practices
• Run and manage security scans with tools such as Snyk and track fixes.
• Able to manage source code for AWS infrastructure in GitHub and manage pipelines.
• Provides support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies
• Maintains operational security posture for FISMA information system or program to ensure information systems security policies, standards, and procedures are established and followed
• Responsible for implementing security tools, security tool usage, ensuring tools remain compliant and configured properly, all the while ensuring a successful program Authority To Operate (ATO)
• Assists with the management of security aspects of the information system and performs day-to-day security operations of the system
• Evaluate security solutions to ensure they meet security requirements for processing classified information
• Performs vulnerability/risk assessment analysis to support certification and accreditation
• Provides configuration management (CM) for information system security software, hardware, and firmware
• Manages changes to the system and assesses the security impact of those changes
• Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs) 

Prefered Certifications:

• Industry certification such as the CISSP, CEH, GIAC, etc.
• AWS Certification 

Public Trust Clearance: This role will require the hired candidate to go through public trust clearance. A minimum of 3 years of stay in the U.S. within the last 5 years is required to be eligible to qualify for public trust clearance sponsorship.  

As partners in our team's success, we offer a comprehensive compensation structure that includes competitive base salaries, performance-based incentives, spot bonuses, referral bonuses, and more.