Company name: Teracore.
Position Title: Jr Information Security Analyst

Teracore Corporate Overview:
Celebrating our 18th year, Teracore, Inc. (www.teracore.com) is a Service Disabled Veteran Owned Small Business (SDVOSB) classified management consulting and information technology services firm with staff in Washington, D.C. and Atlanta. We prime 95% of our projects with a 40% contract win ratio (#1 awardee in our category on both DHS PACTS and EAGLE II IDIQs). Teracore consultants average more than 12 years of professional experience, nearly 60% have advanced degrees in business or technology related fields, 90% have professional certifications, and 50% have advanced professional certifications.

Teracore is committed to creating and maintaining a corporate environment and culture that promotes long-term employment. We hire employees who are looking for a career and not just their next "gig." We build and foster our corporate culture through:
- Keeping a small business, friendly atmosphere: you are not just a number here at Teracore; real people adding value, one person at a time
- Focusing on work/life balance: Teracore is a company that believes people function best in a balanced environment
- Social events: from happy hours, to summer picnics and holiday parties, to outings at Nationals games, and regular Town Hall gatherings, we work hard to give employees not working on the same projects the opportunity to both meet "new faces" and keep close with prior teammates
- Community events: Teracore's emphasis on giving back to the community it serves; veteran and community volunteer efforts flourish in this culture
- Focusing on making this a great place to work: the corporate engagement team ensures Teracore's "work hard, play hard" culture
- Conducting leadership workshops on building a positive corporate culture: it starts from the top down here; "be proud of where you work"
- Communication and surveys: we listen; you help drive the culture and we ensure its direction
- A SharePoint suggestion box funneled to the leadership team: we give you a multitude of avenues to be heard, be part of the team, and continuously make us better

What We Do:
Teracore understands how to integrate business consulting knowledge, process expertise, and IT to obtain desired results. Our core competencies include:
- Enterprise IT Consulting
- Budget and Financial Management Services
- Enterprise Cyber Management
- Transformation Management
- PMO Services
- Strategic Communication and Stakeholder Engagement

Position Description:
Current/Initial Project Background: Provide our Federal client with knowledgeable support to perform NIST, FISMA, OMB, Treasury, and IRM compliant Security Controls Assessments and Risk Analyses which would result in all vulnerabilities being identified. Support an enterprise wide Security Risk Management program. Responsible for supporting the security and resilience of critical IT functions and business processes and for those system assets classified as needing to meet FISMA requirements as well as additional Security Risk Management analysis. Responsible for a broad spectrum of disciplines for those system assets classified as needing to meet FISMA requirements, also including Security Risk Assessments, Data Impact Assessments, and Risk Analyses. The Security Assessment Services group performs technology Security Risk Assessments, risk/threat analyses, and data impact assessments for newly developed cloud systems and applications/systems.

Jr Information Security Analyst: The Jr Information Security Analyst will perform security assessments to ensure compliance with NIST 800-53A and agency specific requirements. The position will require the ability to technically assess web applications, thick clients, and general support system security configurations and their implementation.
The Assessment SME will be working with a wide variety of technologies, be well versed in the current state of information security and be able to interpret the requirements of relevant governing bodies (NIST, OMB, GAO, etc.). The ideal candidate will understand the Risk Management processes for a federal client including Certification and Accreditation (C&A), FISMA self-assessments, vulnerability scans, and penetration testing.

Tasks & Responsibilities:
- The Cyber Security Assessment SME will perform security assessments to ensure compliance with NIST 800-53A and agency specific requirements pertaining to three categories of assessments:
  - Annual Security Controls Assessment
  - Security Assessment and Authorization
  - Event-Driven Security Controls Assessment
- Requires the ability to technically assess both application and general support system security configurations and implementation.
- Conduct physical and logical hands-on technical security evaluations of controls in place.
- Execute assessments and create accurate and complete artifacts and final deliverables with the collaboration of the government.
- Validate the deliverables and submit them to the Team lead for final review.
- Provide advisory consultation to government personnel on the optimal application of these assessments that lead to future FISMA Compliance initiatives.
- Required to interface with federal employees and contractors to perform security assessment activities as well as the presentation of vulnerabilities to the client.
- The Engineer will be required to review security related documentation (System Security Plans, Configuration Management Plans, etc.).
- Provide assessments based on FIPS-199 security categorization and government FISMA classification with varying complexity.
- Support a variety of security assessment services, such as:
  - Security impact categorization
  - Data impact assessment
  - Privacy and Civil Liberties Impact Assessment (PCLIA)
- Develop and maintain ASCA documents including custom schedule, Control Selection Memo, Assessment Plan, SSP, and SAR.
- Select controls to be tested, including applicable 1/3 of controls, critical/volatile controls, closed POA&Ms.
- Conducts Control Selection Meeting and drafts Control Selection Memo.
- Support and, possibly, facilitate appropriate Assessment Activities.
- Control Assessment Meeting: requests and collects appropriate evidence.
- Conducts comprehensive review of selected controls, discusses control dispositions and justification, and required evidence.
- Assesses recently closed POA&Ms; analyzes evidence, updates Assessment Plan, and conducts Findings Review meeting.
- Finalization/Close Out Activities. (Completes documentation, executes appropriate QA/QC activities.)

Apply security engineering principles primarily to new development information systems (modernization) or systems undergoing major upgrades. For legacy systems impacting modernization, apply security engineering principles to system upgrades and modifications to the extent feasible, given the current state of hardware, software, and firmware within those systems.
Security engineering principles include:
- Developing layered protections;
- Establishing sound security policy, architecture, and controls as the foundation for design;
- Incorporating security requirements into the system development life cycle;
- Delineating physical and logical security boundaries;
- Ensuring that system developers are trained on how to build secure software;
- Tailoring security controls to meet organizational and operational needs;
- Performing threat modeling to identify use cases, threat agents, attack vectors, and attack patterns as well as compensating controls and design patterns needed to mitigate risk; and
- Reducing risk to acceptable levels, thus enabling informed risk management decisions.

Required Skills:
BS preferred with education/certifications pertaining to security assessments:
- Working knowledge of FISMA, NIST Special Publications, OMB, Risk Management Framework (RMF), and Information Security Continuous Monitoring (ISCM) Plan development
- IT security knowledge with desired Professional Certifications from (ISC)2, ISA, PMI, CompTIA, SANS
- 8+ years' experience with technology risk assessments covering webservices, network appliances and software
- Knowledge and experience with System Development Lifecycle (SDLC)
- 2-3 years cyber security / information security assessment experience, experience in supporting various assessments and tasks
- Perform NIST, FISMA, OMB, Treasury, and IRM compliant Security Controls Assessments and Risk Analyses which would result in all vulnerabilities being identified
- Knowledge of the following security engineering principles, to include:
  - Developing layered protections
  - Establishing sound security policy, architecture, and controls as the foundation for design
  - Incorporating security requirements into the system development life cycle
  - Delineating physical and logical security boundaries
  - Ensuring that system developers are trained on how to build secure software
  - Tailoring security controls to meet organizational and operational needs
  - Performing threat modeling to identify use cases, threat agents, attack vectors, and attack patterns as well as compensating controls and design patterns needed to mitigate risk
  - Reducing risk to acceptable levels, thus enabling informed risk management decisions
- Knowledge and experience with technology security engineering, analysis, and assessment

Desired Skills:
- Professional Security Certification (CAP, CASP, CISSP, etc.)
- Understanding of/experience in systems administration (Windows or Linux/Unix)
- Understanding of/experience in creating or maintaining security related documentation
- Positive learning attitude (good team player)
- Time management skills: ability to work under pressure and tight timelines for multiple projects with positive attitude and flexibility
- Ability to work in a team setting with willingness to learn
- Tact with customers
- Excellent presentation and verbal communication skills
- Excellent communication skills, with the ability to create accurate written work products by following Job Aids and document templates

Clearance Requirements: Must have ACTIVE Public Trust MBI or higher
Jr Information Security Analyst
Date Posted: Mar 31, 2020
Deadline: Apr 24, 2020
Job Type: Full Time
Location: Lanham, Maryland, United States
Approximate Annual Salary: $68000