Veris Group, LLC is a management and technology services firm and accredited FedRAMP 3PAO with a core focus on providing information assurance and cybersecurity consulting services to government and commercial organizations. We currently have an opening for an experienced Sr. Information Assurance Analyst in Woodlawn, MD. A PUBLIC TRUST SECURITY CLEARANCE IS REQUIRED TO APPLY.
Summary of Duties:
The Senior Information Assurance Analyst/Project Manager is responsible for information security policy analysis, development and maintenance aligning with NIST 800-37 R1 concepts and must possess a thorough understanding of the Risk Management Framework (RMF).
- Must have strong analytical skills for determining compliance with government agency IT security policy, governance and applicable laws.
- Possess an understanding of software and systems development processes and the integration of security processes and principles into the Systems Development Lifecycle (SDLC)
- Experience in team and project management
- Monitoring and advising on information security issues to ensure that the security controls for the systems are appropriate and operating as intended throughout the SDLC
- Coordinating and executing IT security projects related to IT security policy development
- Conducting reviews of various IT security documentation to identify gaps between documentation and IT Security policy and governance
- Developing and publishing Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
- Developing and interpreting security policies and procedures
- Mentoring junior members of the team
- Creating, managing, and maintaining user security awareness training and guidance
- Conducting security research to keep abreast of the latest security issues
- Preparing documentation, including department policies and procedures and Web content
- Performing other related duties as assigned
- BA or BS in Computer Science, Management Information Systems, or related field. Advanced degree is desirable.
- CISSP certification is preferred
- PMP certification is preferred
- CSSLP, GIAC, or other security certifications are desired
- Strong analytical and problem-solving skills
- Excellent communication (oral, written, presentation), interpersonal and consultative skills
- Results-oriented, high-energy, self-motivated
- Strong project management skills
- Five+ years of progressive experience in computing and information security, including experience with Internet technology and security issues. Experience should include security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing.
- Knowledge of information security guidance (e.g., NIST SP 800 series), rules and regulations related to information security, privacy and data confidentiality (e.g., FISMA, HIPAA), and desktop, server, application, database and network security principles for risk identification and analysis.
- Project/Team Management
- Experience with service-oriented architecture and web services security desired
- Experience with the application of threat modeling or other risk identification techniques
- Experience with software vulnerability analysis a plus
- Detailed knowledge of system security vulnerabilities and remediation techniques
- Experience with the NIST Security Assessment and Authorization (SA&A) process