Our Technology Solutions division is searching for a Security Analyst to support a government customer on site in Washington, DC. The primary responsibilities for the position are to identify management, operational, and technical security controls for FIPS-199 High cloud based systems against Federal and DHS guidelines and policies; and provides input to aligns technical solutions and security requirements with business needs. The nature of the work requires that the candidate demonstrate initiative, organization, responsibility, customer service skills, and the ability to be flexible and adaptive to a fast-paced, fluid business environment. The candidate must be able to communicate effectively and decisively with all levels of the organization and be able to solve practical problems as well as exercise sound judgement with regards to sensitive and confidential information.
Work under supervision of CISO and ISSO to identify management, operational, and technical security controls for FIPS-199 High cloud based systems against Federal and customer specific guidelines and policies; and provides input to aligns technical solutions and security requirements with business needs. Documents security requirements and translates them into a Concept of Operations (CONOPS). Reviews designs and implementations of secure interface specifications between interconnected systems. Develops and implements security procedures that meet security objectives of a FIPS-199 High system. Formulates security architecture recommendations and designs security controls for a cloud based system. Identifies, develops, and implements protection needs for the information system including network transport and data assurance. Provides detailed specifications for technical needs of infrastructure, and provides input on security infrastructure requirements. Oversees established procedures during the implementation of security controls to ensure others adhere to customer policy in accordance to regulatory guidelines. Verifies and validates network configuration by thoroughly reviewing network/system design and using technical knowledge to detect errors and inaccuracies. Verifies systems security baseline against application interoperability and resolves hardware/software interface interoperability problems. Identifies protection needs for information system(s) and network(s) and documents appropriately by conducting a detailed gap analysis between the as is and to be systems. Uses basic data gathering skills to document design specifications and user needs; reports findings that contribute to the systems development lifecycle (SDLC) and enterprise architecture activities and decisions (e.g., selecting appropriate security designs and architecture/system components to assist others in developing system designs and processes). Ensures security architecture and policies are followed through the following six domains: secure interfaces (data-in-motion), secure management, secure monitoring, secure data-at- rest, and access control within a system. Ensures compliance with data security policies and regulatory requirements. Prepares final analysis report of the associated system to identify residual risk and any potential impact on the confidentiality, integrity and/or availability for customer's security posture. Prepares final system documentation for the controls implementation and provides artifacts demonstrating the controls effectiveness and identified gaps. Supporting all SDLC documentation steps required for approval of Authorization to Operate (ATO), completion of the system security package, and acceptance of final operating capability.
Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee owned company, we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com.