IT Security Analyst
Lansing, MI, United States
Length and terms:
Long term - W2 or C2C
Position created on 06/21/2022 03:50 pm
*** Very long term project; initial PO for 1 year and usually the project goes for 3-5 years with this customer *** Hybrid; 2 days a week onsite***
Top Skills & Years of Experience:
- Experience in the IT industry analyzing and applying information security principles and practices Required: 4 Years
- Experience reviewing IT systems/applications plus basic knowledge of networking components and various operating systems Required: 4 Years
- Experience analyzing the applicable NIST Special Publications 800-37 Revision 1, 800-53 Revision 3,4 or 5, and 800-53A Revision 1. Required: 2 Years
Detailed Job Duties:
The IT Security Analyst is responsible for completing and maintainingsystem security plans (SSP) for new and existing systems. The system security plans are documented in the Governance, Risk, Compliance (GRC) tool. This requires close coordination with IT project teams, business and enterprise security representatives, and product owners, to establish and maintain processes and controls for security vulnerability remediation.
- Create system security plans (SSP) for new applications in alignment with the Secure Application Development Life Cycle (SADLC) and Michigan Security Accreditation Process (MiSAP).
- Maintain SSPs for existing applications requiring authority to operate (ATO) and those facing software and/or hardware enhancements.
- Collaborate with business representatives to establish system registration.
- Identify security testing and system scanning requirements.
- Analyze risk assessments and provide mitigating actions and responses for technical controls.
- Continuously monitor plans of action and milestones (POAM) and corrective action plans (CAP) as they relate to the SSPs in collaboration with the MDOT Enterprise Information Management (EIM) office.
- Validate respective SSPs to ensure NIST control requirements are met.
- Author recommendations associated with your findings on how to improve the customers security posture in accordance with SOM PSP & NIST controls.
- Assist team members and vendors with proper artifact collection to satisfy assessment requirements.
- Experience in the IT industry analyzing and applying information security principles and practicesRequired: 4 Years
- Experience reviewing IT systems/applications plus basic knowledge of networking components and various operating systems Required: 4Years
- Experience analyzing the applicable NIST Special Publications 800-37 Revision 1, 800-53 Revision 3,4 or 5, and 800-53A Revision 1.Required: 2Years
- Experience with other Security Frameworks (ISO, PCI, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements is a plusNice to have: 2 years
- CISSP, CISA, PMP and/or Security+ certification Nice to have
- Experience working with software vendors to implement security controlsNice to have
- Experience using Lockpath or similar GRC tool Nice to have
- Experience working independently and in a team environment
- Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
- Ability to collaborate on multiple projects/efforts at a given time
- Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change
Contact the recruiter working on this position:
The recruiter working on this position is Suhasini Thota(Ravi Team)
His/her contact number is +(1) (703) 3494245
His/her contact email is email@example.com
Our recruiters will be more than happy to help you to get this contract.