The Cyber Security Analyst promotes DSS's mission by supporting our ongoing compliance efforts (HIPAA, SOC2, and FedRAMP environments), working collaboratively to manage risk within the organization, and helping to shape the organization's information security program through documentation and evaluation of the organization's Risk Registers and Plans of Action and Milestones (POA&M).
DUTIES AND RESPONSIBILITIES:
Become comfortable with the technology that the Cybersecurity team uses to document, track and update security control implementation statements and associated workflows.
Collaborate with internal teams to update and maintain the System Security Plans and Security Assessment Reports and ensure that the changes are reviewed and approved where required.
Work with internal teams to document FedRAMP-compliant workflows while educating them about the FedRAMP controls that impact their work.
Partner with engineers to interpret and map compliance requirements to control implementation across our products.
Categorize systems and identified security objectives by applying appropriate information security controls for Federal Information Systems.
Track and drive remediation of control deficiencies and gaps identified internally and externally.
Execute the company's FedRAMP roadmap with input from the operations team and infrastructure team stakeholders.
Track POA&Ms to closure
Interface with government agencies who may be customers and the FedRAMP PMO, e.g. by providing information when requested or status updates.
Facilitate and verify FedRAMP evidence and artifacts (monthly, quarterly, annually, etc.) per FedRAMP continuous monitoring requirements.
Perform other security team duties as assigned or requested.
The preceding functions are examples of the work performed by employees assigned to this job classification. Management reserves the right to add, modify, change or rescind work assignments and make a reasonable accommodation as needed.
Strong interpersonal, team and communication skills
Solid understanding of cybersecurity principles and best practices for a distributed enterprise environment.
2+ years of experience in the IT field in a security role related to IT audits, risk management, or system development
Knowledge of network architecture components and industrial network protocols
Experience implementing cloud security and compliance standards, frameworks, and controls (ISO/IEC 27001, SOC 2, FedRAMP, NIST SP 800-53r4) for cloud service delivery models (IaaS, PaaS, SaaS)
Comprehensive knowledge of Federal cybersecurity-related guidelines and mandates such as NIST 800 Series, FISMA, FedRAMP, CDM, TIC
Ability to create effective procedure documents and workflow diagrams
Excellent verbal and written communication
Experience performing system or network administration
Experience with eMASS
One or more of the following certifications:
Certified Ethical Hacker (CEH)
Certified Authorization Professional (CAP)
Certified Information Systems Security Professional (CISSP)
Certified Information Security Auditor (CISA)
Years of experience in a similar role:
10% per day
75% per day
10% per day
5% per day
20lbs 10x per day
50% per day
25% per day
15% per day
10% per day
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
If you need an accommodation seeking employment with DSS, Inc., please email email@example.com or call (561) 284-7373. Accommodations are made on a case-by-case basis.