RightDirection Technology Solutions LLC
Sr. Cybersecurity Analyst - Cleared
Fully Remote • Washington, DC
RDTS is in need of a Sr. Cybersecurity Analyst to support the U.S. Dept of Treasury in Washington, D.C.
Experience performing security analysis of operational and development environments, threats, vulnerabilities and interfaces to define and assess compliance with government standards (Risk Management Framework, NIST 800-53 Rev 5, FedRAMP)
Risk and Compliance
In-depth knowledge of security authorization processes and procedures
Experience with Assessment and Authorization (A&A) processes under the Risk Management Framework (RMF) for new and existing information systems
Experience developing Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), Risk Acknowledgement Letters (RAL), and Service Level Agreements, and supporting Continuous Monitoring (CONMON)
Experience with agile methodology, creating process designs, technical designs, defining user stories, working with onshore/offshore development teams, leading user acceptance testing (UAT), and providing the necessary end-user training to deliver the proposed solution.
3+ years of experience as an information system security officer or information system security manager
Professional certifications such as Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified PRINCE2 Practitioner
Experience participating in incident response and information security audits
Experience leading vulnerability assessments and security reviews through a comprehensive testing process to identify weaknesses and vulnerabilities within the systems that affect their confidentiality, integrity and availability
Experience performing or participating in web application security assessments (e.g., exploiting web app vulnerabilities such as SQL injection, cross-site scripting, parameter manipulation, session hijacking)
Information security compliance framework Subject Matter Expert
Experience leading and implementing ServiceNow GRC modules (policy and compliance, risk management, audit management, business continuity management and vendor risk management)
Experience conducting developing documentation and delivering application demonstrations.