Company name: Teracore.

Position Title: Jr Information Security Analyst

Teracore Corporate Overview:

Celebrating our 18th year, Teracore, Inc. (www.teracore.com) is a Service Disabled Veteran Owned Small Business (SDVOSB) classified management consulting and information technology services firm with staff in Washington, D.C. and Atlanta. We prime 95% of our projects with a 40% contract win ratio (#1 awardee in our category on both DHS PACTS and EAGLE II IDIQs). Teracore consultants average more than 12 years of professional experience, nearly 60% have advanced degrees in business or technology related fields, 90% have professional certifications, and 50% have advanced professional certifications.

Teracore is committed to creating and maintaining a corporate environment and culture that promotes long-term employment. We hire employees who are looking for a career and not just their next "gig." We build and foster our corporate culture through:
Keeping a small business, friendly atmosphere - you are not just a number here at Teracore: real people adding value, one person at a time
Focusing on work/life balance - Teracore is a company that believes people function best in a balanced environment
Social events - From happy hours, to summer picnics and holiday parties, to outings at Nationals games, and regular Town Hall gatherings, we work hard to give employees not working on the same projects the opportunity to both meet "new faces" and keep close with prior teammates
Community events - Teracore emphasizes giving back to the community it serves; veteran and community volunteer efforts flourish in this culture
Focusing on making this a great place to work - Corporate engagement team ensures Teracore's work hard, play hard culture
Conducting leadership workshops on building a positive corporate culture - it starts from the top down here: "be proud of where you work"
Communication and surveys - we listen; you help drive the culture and we ensure its direction
A SharePoint suggestion box funneled to leadership team - we give you a multitude of avenues to be heard, be part of the team, and continuously make us better

What We Do:

Teracore understands how to integrate business consulting knowledge, process expertise, and IT to obtain desired results. Our core competencies include:
Enterprise IT Consulting
Budget and Financial Management Services
Enterprise Cyber Management
Transformation Management
PMO Services
Strategic Communication and Stakeholder Engagement
Position Description:
Current/Initial Project Background:


Provide our Federal client with knowledgeable support to perform NIST, FISMA, OMB, Treasury, and IRM compliant Security Controls Assessments and Risk Analyses which would result in all vulnerabilities being identified.
Support an enterprise wide Security Risk Management program. Responsible for supporting the security and resilience of critical IT functions and business processes and for those system assets classified as needing to meet FISMA requirements as well as additional Security Risk Management analysis.

Responsible for a broad spectrum of disciplines for those system assets classified as needing to meet FISMA requirements, also including Security Risk Assessments, Data Impact Assessments, and Risk Analyses. The Security Assessment Services group performs technology Security Risk Assessments, risk/threat analyses, and data impact assessments for newly developed cloud systems and applications/systems.
Jr Information Security Analyst:

The Jr Information Security Analyst will perform security assessments to ensure compliance with NIST 800-53A and agency specific requirements. The position will require the ability to technically assess web applications, thick clients, and general support system security configurations and their implementation.
The Assessment SME will be working with a wide variety of technologies, be well versed in the current state of information security and be able to interpret the requirements of relevant governing bodies (NIST, OMB, GAO, etc.). The ideal candidate will understand the Risk Management processes for a federal client including Certification and Accreditation (C&A), FISMA self-assessments, vulnerability scans, and penetration testing.
Tasks & Responsibilities:

The Cyber Security Assessment SME will perform security assessments to ensure compliance with NIST 800-53A and agency specific requirements pertaining to three categories of assessments:
Annual Security Controls Assessment

Security Assessment and Authorization

Event-Driven Security Controls Assessment

Requires the ability to technically assess both application and general support system security configurations and implementation.

Conduct physical and logical hands-on technical security evaluations of controls in place.

Execute assessments and create accurate and complete artifacts and final deliverables with the collaboration of the government

Validate the deliverables and submit them to the Team lead for final review.

Provide advisory consultation to government personnel on the optimal application of these assessments that lead to future FISMA Compliance initiatives

Required to interface with federal employees and contractors to perform security assessment activities as well as the presentation of vulnerabilities to the client. The Engineer will be required to review security related documentation (System Security Plans, Configuration Management Plans, etc.).

Provide assessments based on FIPS-199 security categorization and government FISMA classification with varying complexity

Support a variety of security assessment services, such as:

Security impact categorization

Data impact assessment

Privacy and Civil Liberties Impact Assessment (PCLIA)

Develop and maintain ASCA documents including custom schedule, Control Selection Memo, Assessment Plan, SSP, and SAR.

Select controls to be tested, including applicable 1/3 of controls, critical/volatile controls, closed POA&Ms

Conducts Control Selection Meeting and drafts Control Selection Memo

Support and, possibly, facilitate appropriate Assessment Activities

Control Assessment Meeting

Requests and collects appropriate evidence

Conducts comprehensive review of selected controls, discusses control dispositions & justification, and required evidence

Assesses recently closed POA&Ms; analyzes evidence, updates Assessment Plan, and conducts Findings Review meeting.

Finalization/Close Out Activities. (Completes documentation, executes appropriate QA/QC activities.)

Apply security engineering principles primarily to new development information systems (modernization) or systems undergoing major upgrades.

For legacy systems impacting modernization, apply security engineering principles to system upgrades and modifications to the extent feasible, given the current state of hardware, software, and firmware within those systems.

Security engineering principles include:

Developing layered protections;

Establishing sound security policy, architecture, and controls as the foundation for design;

Incorporating security requirements into the system development life cycle;

Delineating physical and logical security boundaries;

Ensuring that system developers are trained on how to build secure software;

Tailoring security controls to meet organizational and operational needs;

Performing threat modeling to identify use cases, threat agents, attack vectors, and attack patterns as well as compensating controls and design patterns needed to mitigate risk; and

Reducing risk to acceptable levels, thus enabling informed risk management decisions

Required Skills

BS preferred with education/certifications pertaining to security assessments:
Working knowledge of FISMA, NIST Special Publications, OMB, Risk Management Framework (RMF), and Information Security Continuous Monitoring (ISCM) Plan development
IT security knowledge with desired Professional Certifications from (ISC)2, ISA, PMI, CompTIA, SANS
8+ years' experience with technology risk assessments covering webservices, network appliances and software

Knowledge and experience with System Development Lifecycle (SDLC)
2-3 years cyber security / information security assessment experience, including experience supporting various assessments and tasks to perform NIST, FISMA, OMB, Treasury, and IRM compliant Security Controls Assessments and Risk Analyses which would result in all vulnerabilities being identified
Knowledge of the following Security engineering principles, to include:

Developing layered protections

Establishing sound security policy, architecture, and controls as the foundation for design

Incorporating security requirements into the system development life cycle

Delineating physical and logical security boundaries

Ensuring that system developers are trained on how to build secure software

Tailoring security controls to meet organizational and operational needs

Performing threat modeling to identify use cases, threat agents, attack vectors, and attack patterns as well as compensating controls and design patterns needed to mitigate risk

Reducing risk to acceptable levels, thus enabling informed risk management decisions
Knowledge and experience with technology security engineering, analysis, and assessment

Desired Skills:

Professional Security Certification (CAP, CASP, CISSP, etc.)
Understanding of/experience in systems administration (Windows or Linux/Unix)
Understanding of/experience in creating or maintaining security related documentation

Positive learning attitude (good team player)

Time Management skills: ability to work under pressure and tight timelines for multiple projects with positive attitude and flexibility

Ability to work in a team setting with willingness to learn

Tact with customers

Excellent presentation and verbal communication skills

Excellent communication skills, with the ability to create accurate written work products by following Job Aids and document templates.



Clearance Requirements:

Must have ACTIVE Public Trust MBI or higher