Information Security Analyst

We have a long term, fully-remote Security Analyst primarily responsible for the SA&A process! We need someone with a consultant mind-set, so if you're interested please send your resume to nfeagin@apexsystems.com. The full job description is below!Title: Information Security Analyst Location: FULLY REMOTERoles and Responsibilities: The qualified applicant will provide IT Security support to various international and domestic information systems and serve as an IT Security consultant and advisor to system stakeholders on matters related to regulatory compliance, security controls, threats and vulnerabilities.

• Develop and maintain a solid working knowledge of CDC, HHS, and Federal security regulations, policies, laws, and requirements.
• Work extensively with multiple senior-level stakeholders (system owners, mission leads, IT Governance, and the Information Systems Security Officer (ISSO)) in the conduct of system compliance and protection activities covering both domestic and international projects.
• Work with mission / technical teams to perform security analysis on in-development technical solutions and provide security compliance and guidance input as required
• Formally evaluate systems (either in development or in production) for compliance with Federal security requirements and develop corresponding documentation
• Assist system owners with identifying and utilizing relevant enterprise shared services and solutions to enable compliance and security activities
• Develop System Security Authorization (SSA) packages and manage the end-to-end SSA process for assigned systems including development of NIST-compliant System Security Plans, Rules of Behavior, Continuity of Operations and Disaster Recovery Plans, Risk Assessments, Interconnection Security Agreements, Incident Response Plans, Privacy Impact Assessments, Data Sharing / Use Agreements, etc.
• Develop and maintain system risk assessments and, as/if needed, remediation and mitigation plans
• Following formal approval, maintain system authorizations through proactive monitoring of system compliance, formal change management, corrective actions, and package updates.
• Become a trusted security subject matter expert supporting various mission leaders and activities
• Perform technical IT system security/vulnerability assessments using provided tools - interpret results and manage remediations as needed
• Support various other security-related activities including facilitation of change control processes and data call responses; management of encrypted / secure data storage devices; and the evaluation, justification, and management of software and third party website approvals
• Some level of remote work and schedule flexibility (due to international project teams) is anticipated and will be determined on a case-by-case basis. No on-call requirements.
• Overseas travel may be required (3-5 trips per year)

• Bachelor's degree in Computer Science, Information Systems Management, or a related field with at least 5 years of experience.
• Demonstrated knowledge of computer operating systems and networks, component architectures, application development, and/or data management processes and technologies - the successful candidate must understand the fundamental technical components, processes, and interactions of enterprise-level information systems
• Demonstrated knowledge of fundamental information security concepts and processes such as risk assessment and mitigation strategies, security control techniques and technologies, assessment and evaluation methods, and user access control methodologies
• Excellent analytic skills - the successful candidate must be able to receive information, digest it, and apply standards and requirements to that information and in order to produce a clear and effective evaluation / assessment
• Excellent communication skills - both written and verbal
• Demonstrated facility with technical documentation
• Demonstrated problem-solving capability
• Ability to effectively manage time, and prioritize and execute tasks in a high-pressure environment
• Must be able to work independently and within deadlines
• Must be able to pass required Federal background screening / security check including basic and expanded investigations
• One or more industry certifications including CISSP, SANS GIAC Certifications, IAT Level I-III, or NSA's IAM/IEM
• Desire and ability to quickly obtain industry certifications if needed

• 3 or more years' experience with Federal System Security Authorization processes / methodologies
• Experience with industry standard security / vulnerability assessment tools
• Security policy development and process implementation experience in Federal agencies - CDC / HHS preferred
• Government and/or CDC experience
• International experience, especially in a health-related field
• US DoD security clearance