Role: VSP - IT Security Analyst 4 Job ID - (760300)Location: Richmond, VA - Hybrid - 3 days - on site - 2 days - remoteInterview slots: In Person OnlyLocal consultants only due to in person interviewJob description:Document and address organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle.
- Analyze the security impact of application, configuration, and infrastructure changes to ensure compliance with the security standard as part of the change management lifecycle.
- Assess the configurations of applications, servers, and network devices for compliance with the security standard.
- Analyze and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
- Assess and document the security impact and risks of newly discovered vulnerabilities in the environment.
- Coordinate resolution of application and infrastructure security vulnerabilities with System Owners, IT, and vendors.
- Track resolution of vulnerabilities and provide regular updates to management.
- Coordinate resolution of endpoint security vulnerabilities with users and provide regular updates to management.
- Respond to, and investigate, security incidents and provide thorough post-event analyses.
- Perform internal application penetration testing, document findings, and recommend improvements to improve the organization's security posture.
- Complete annual password security audits and coordinate completion of agency wide user access audits in compliance with the security standard.
- Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately.
- Create and maintain desk procedures and process documentation for all responsibilities.
Skill matrix:NIST 800-53 rev 5 and/or Criminal Justice Information System (CJIS) specifications for an information security management system.
Required
5
Years
Software development lifecycle, vulnerability management processes, role-based authentication methodologies, etc.
Required
5
Years
Familiarity with programming languages such as Python, Java, JavaScript, C , C , SQL, HTML, CSS, and/or COBOL.
Required
5
Years
Expertise in using automated vulnerability scanners like Nessus, Qualys, Retina, and/or Tenable.
Required
5
Years
Familiarity with web application security testing tools like Burp Suite, Fortify, and/or AppScan.
Required
5
Years
Basic scripting skills (e.g. WDL, VBScript, JavaScript, PowerShell, Python) for automation
Required
5
Years
IT security or risk assessment certifications are advantageous (CISM, CCSP, CISSP, CEH, CompTIA Pentest+ and/or CompTIA Security+)
Required
5
Years