
Sr. Information Security Analyst

Tista Science and Technology Corporation
Full-time
Remote
United States
$88,730 - $101,500 USD yearly






Overview






TISTA Science and Technology is seeking a Senior Information Security Analyst to join our growing team. The ideal candidate will work collaboratively with a high-performing team of cybersecurity experts on a Federal project, providing Assessment and Authorization, Audit, and Continuous Monitoring support.

 

TISTA associates enjoy above-industry Healthcare Benefits, Remote Working Options, Paid Time Off, Training/Certification opportunities, Healthcare Savings Account & Flexible Savings Account, Paid Life Insurance, Short-term & Long-term Disability, 401K Match, Tuition Reimbursement, Employee Assistance Program, Paid Holidays, Military Leave, and much more!

 

Stay Connected:

Follow us on LinkedIn for updates on this job and other exciting opportunities.









Responsibilities






  • Assess the effectiveness of security controls by conducting vulnerability scans, penetration tests, and control testing. Document findings and provide recommendations for remediation.
  • Assist in preparing for and responding to internal and external audits. Ensure all required documentation is available and accurate, and facilitate communication between auditors and system owners.
  • Implement and manage continuous monitoring processes to ensure ongoing compliance with security standards. Use automated tools to monitor system configurations and security controls.
  • Create and update System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and other relevant documentation. Ensure all documents are accurate, comprehensive, and up-to-date.
  • Generate regular reports on security status, including daily status updates, weekly summaries, and comprehensive monthly reports. Use dashboards and visualizations to enhance report clarity and impact.
  • Ensure that all security documentation is stored in a centralized repository (e.g., SharePoint) for easy access and management. Regularly update and organize the repository to ensure it remains current and relevant.
  • Conduct regular risk assessments to identify potential security risks and vulnerabilities. Develop and implement risk mitigation strategies.
  • Monitor compliance with federal security standards, including NIST, FISMA, and FedRAMP. Ensure that all security controls are implemented and maintained in accordance with regulatory requirements.
  • Assist in developing and implementing incident response plans. Respond to security incidents promptly and effectively, documenting actions taken and lessons learned.
  • Work closely with system owners, control owners, and other stakeholders to gather necessary information and validate security controls. Facilitate regular communication to ensure alignment and collaboration.
  • Organize and conduct interviews and workshops with control owners and stakeholders to gather detailed information about security controls and processes. Document findings and provide actionable recommendations.
  • Participate in regular meetings with development and operations teams to stay informed about system status and future updates. Document discussions, action items, and decisions, and ensure follow-up on outstanding items.
  • Establish and follow quality assurance processes to ensure that all security assessments, documentation, and reports meet high standards of accuracy and reliability.
  • Regularly review and update control implementation statements and other security documentation to reflect changes in the system environment and regulatory requirements.
  • Actively seek feedback from stakeholders and incorporate it into process improvements. Stay current with industry best practices and emerging security trends to continually enhance the security posture.








Qualifications






Preferred Professional Certifications:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • CompTIA Security+

Education:

  • A bachelor’s degree in Information Security, Cybersecurity, Computer Science, Information Technology, or a related field is typically required. Advanced degrees such as a Master’s in Cybersecurity or Information Assurance are highly desirable.

 

Clearance:

  • The ability to pass a Tier 2/Modest Background Investigation

 

Location:

  • Remote, USA

 

Pay Range:

  • The pay for this position ranges from $88,730 to $101,500.
  • The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience, and location.
  • Also, certain positions are eligible for additional forms of compensation, such as bonuses.
  • TISTA associates are eligible to participate in our comprehensive benefits plan! More information can be found here: https://tistatech.com/working-at-tista/