Information Security Analyst 2

We have a position at Randolph AFB, TX for an Information Security Analyst 2 that we wanted to send your way. Below is the description:

Position Summary:

This position will be responsible for all aspects of informational security, at times focused on accreditation. Responsibilities include but are not limited to participating in engineering and building enterprise solutions, architectural reviews, and assisting with the evaluation of proposed technical solutions for our customers.

Job Responsibilities:

• Develop and sustain RMF A&A packages to maintain Authorization to Operate (ATO)
• Develop, complete, and process System Categorization Document and System Security Plans
• Validate and upload RMF documentation into the Enterprise Mission Assurance Support Service (eMASS)
• Assemble and coordinate system Plans and Procedures from the iAssure templates for all RMF families
• Process and submit Plans of Action and Milestones (POA&Ms)
• Ensure DISA STIGs/SRGs are implemented and enforced
• Perform Risk Analysis and Vulnerability Assessments
• Perform annual security reviews in accordance with FISMA reporting
• Review PPS, HW/SW listings, NSS checklists (all A&A artifacts)

Minimum Requirements:

• An active Secret Security Clearance is required
• Must hold a DoD 8570.01 IAT Level 2 certification, such as Security+ CE
• 2+ years of experience in support of cybersecurity for the purposes of RMF
• Experience developing and sustaining RMF A&A packages

Preferred Qualifications & Experience:

• Hands-on experience with associated DoD CyberSecurity tools (i.e., ACAS/NESSUS, STIGs, Cloud SRGs)
• Working knowledge of Cloud-based technologies and accreditations of various IaaS, PaaS, SaaS, etc.
• Experience in DevSecOps and conducting end-to-end security testing of Applications (Web, Mobile, other APIs)
• Experience with industry standard tools such as Fortify, Checkmarx, and practices for code reviews, static/dynamic code analysis, and vulnerability assessments
• Knowledge of OWASP Top 10, SANS 25, NVD, CVE, etc.
• Experience with code languages and frameworks (Java, C+, Apex, etc.)
• End-to-end experience with attaining system ATOs