Security Risk Management Analyst

Location: Laurel, MD
ApplyLogic is a fast-growing Veteran-Owned consulting firm, headquartered in Dunn Loring, VA. Our people are our greatest asset and our company culture is grounded on that belief. We offer challenging and interesting work in a friendly and supportive environment. We deliver best-in-class technical expertise to the Federal Government market through IT professional service contracts. 

We offer a competitive salary with a robust Fortune 500 type benefits package: employee assistance, employee adoption, 401K with match, medical, dental, vision, life, short-term and long-term disability, 15 paid days off, 10 holidays, unlimited web-based training and up to $5K towards continuing education and/or professional development and more!
 
Founded in 2004, ApplyLogic is a Veteran Owned Small Business, ISO9001:2015 certified with over $7M annual revenues and 35 employees. Our growth has been recognized in the Washington Technology Fast 50 and the INC. 5000. We have an immediate Security Risk Management Analyst position available in Laurel, MD.

Job Description and Responsibilities:
 
  • Oversee and actively manage relationships for assigned systems that may be contractor owned and contractor operated, ensuring vendors comply with agency security and privacy requirements.
  • Actively coordinate with the infrastructure teams to plan, develop, implement and test security controls that meet Federal regulations, program objectives, operational needs and user experience, particularly data collection components. Support the integration of security across the SoS lifecycle.
  • Lead the development and maintenance of security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.
  • Assess vulnerabilities to ascertain if additional safeguards are needed and ensure systems are patched and security hardened at all levels of the “stack,” and monitor to ensure vulnerabilities are remediated as appropriate. Actively manage vulnerability mitigation commitments from the integration team.
  • Assist in establishing rules for program/project vulnerability scans, risk analyses and security assessments which includes addressing controls defined by OMB A130 Appendix III, FIPS 199, NIST SP800-37, NIST SP800-53, NIST SP500-299 (Draft) for both business operations and technical implementation throughout the eSDLC for the SoS.
  • Analyze and define security requirements for information protection. Analyze Decennial change requests for security impacts and provide recommendations.
  • Analyze change requests for security risk, monitor and track security-related defects and resolutions, and make recommendations.
  • Execute with limited direction or conceptual direction, anticipating customer needs and proactively supporting those needs.
  • Assist in establishing and implementing a Continuous Diagnostics and Mitigation (CDM) capability with integrated security controls.
  • Assist in establishing a continuous monitoring strategy to proactively survey, monitor, and track security-related defects and the status of their resolutions for reporting.
  • Review program/project vulnerability scan results and report findings to GPMO and monitor and track their assessment and subsequent resolution using automated scripts where necessary.
  • Monitor for security breaches and participate in incident response activities and investigation of security breaches. Specifically, traditional ISSO audit responsibilities.
  • Capture ATO artifacts that support independent assessment activities. Consolidate ATO artifacts for input into the USCB Risk Management Processing System.
  • Present status of RMF efforts to Government customer and program meetings as required.
 
Qualifications:
 
  • In-depth technical experience and security exposure with core technologies, including Cloud, Digital, Data Protection, User Management, Digital Mobility, Compliance, Application Security, Event Management, and CDM.
  • Very strong experience with the development and maintenance of security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.
  • Knowledge of FedRAMP and FISMA regulatory compliance requirements.
  • Working knowledge of NIST SP800-53 Rev 4 controls, and implementation methodology with the ability to oversee traceability to the controls.
  • Experience working throughout a complete IT Security life-cycle supporting a complex System of Systems.
  • Experience working as a compliance and security control planner and implementer.
  • Adept at managing change control and technical working groups.
  • Thorough understanding of the security concepts and intricacies associated with Cloud Computing, Infrastructure, Data Protection, Digital Mobility, Application Security, and Regulatory Compliance.
  • Ability to define and manage reporting and measurement systems for IT Security.
  • Tools/Technology Experience: Functional knowledge of security tools for both Cloud environments and Data Center, including commercial and open source.
 
Education and Experience:
  • Bachelor's Degree
  • 10 years' experience
  • CAP, Security+, CISSP, GSEC preferred
 
Clearance:
  • U.S. Citizenship
  • Public Trust, or must be able to obtain a Public Trust clearance
ApplyLogic is an equal opportunity employer. The Equal Employment Opportunity Policy of ApplyLogic is to provide a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religion, national origin, gender, sexual orientation, age, marital status or disability. ApplyLogic hires and promotes individuals solely on the basis of their qualifications for the job to be filled. ApplyLogic believes that associates should be provided with a working environment which enables each associate to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, religion, national origin, gender, sexual orientation, age, marital status or disability.