Security Analyst

Newwave Technologies Baltimore , MD 21203

Posted 4 months ago

Overview

NewWave is an information technology company helping businesses and government agencies modernize and thrive by applying the power of technology. NewWave began making a mark in the federal healthcare space in 2004, where we continue to actively modernize systems to improve healthcare's value for millions of Americans. Since then, our work has expanded across various sectors and industries, where we help our customers stay ahead of the new and make the world in which we live, better.

Responsibilities

The Security Analyst is an individual with assigned responsibility for maintaining the appropriate operational security posture for a federal information system or program. This individual would require hands-on experience evaluating, designing, documenting, implementing, operating, testing, and monitoring security and privacy controls that support the information system security and privacy program.

  • Work with developers to refine security checkpoints in the SDLC and make sure information security risks are managed throughout all the phases of the SDLC.

  • Use automated tools to perform source code security analyses to identify vulnerabilities and attack vectors in web applications.

  • Provide FedRAMP requirements and guidance.

  • Provide Federal Information Security Management Act (FISMA) support and subject matter expertise.

  • Independently develop a variety of C&A deliverables including: System Security Plans, E-Authentication Risk Analysis, Privacy Impact Assessments, Annual Assessments, Contingency Plans, Incident Response Plans, and FIPS 199 Security Categorizations, etc.

  • Develop and maintain Plans of Action and Milestones corrective actions for audit findings.

  • Recommend system architecture solutions based on industry best practices and knowledge of Federal and organizational security guidelines.

  • Performs periodic internal audits, vulnerability assessments, and Web Application testing.

  • Maintains current knowledge of relevant technology as assigned.

  • Participates in special projects as required.

Qualifications

Preferred

  • Hands-on experience with implementing, documenting, maintaining, and monitoring CMS Acceptable Risk Safeguards control requirements.

  • Experience in implementing and enforcing policies, procedures and guidelines in a complex environment.

  • Experience assisting with the implementation of an automated CI/CD DevSecOps pipeline.Experience driving ATOs including the privacy controls specified in NIST SP 800-53 rev 4 Appendix J.

  • Experience in the development, implementation and operation of IT Security Strategy within a complex environment.

  • Knowledge and experience with security best practices and relevant legislation.

  • Experience with IT Security management, access policy and management, authentication and SSO, authorization, audit, secure communications and network protection, data protection and privacy, and security administration.

  • Understanding of, and ability to communicate, security and risk implications to technical and non-technical audiences.

  • Experience working as part of an agile scrum team, assisting with security-related tasks and deliverables associated with bi-weekly sprints.

Technical

  • Experience using vulnerability scanner such as Nessus, OpenVAS, Retina or Nexpose.

  • Experience running static analysis /static application security testing tools such as SonarQube, Fortify or Veracode.

  • Experience running dynamic application security testing tools such as WebInspect, AppSpider, Acunetix, AppScan, Qualys, Burp Suite Pro or OWASP ZAP.

  • Experience running component analysis tools such as Sonatype Nexus IQ, Synopsys Black Duck, OWASP Dependency-Check/Track.

  • Experience with GRC tools, such as CSAM, CFACTS, TAF, or Xacta.

  • Proficient in Microsoft Office (Word, Excel, PowerPoint, etc.) and Visio.

  • Ability to leverage Microsoft Project for project planning.

Residency Requirement

  • Must have lived in the United States at least 3 out of 5 years.

FLSA Status

  • Exempt

INTERPERSONAL SKILLS:

  • Excellent interpersonal, communication, and organizational skills.

  • Excellent written and verbal communication skills must be able to communicate fluently in English both verbally and in writing

  • Should be extremely facts and data oriented.

  • Should be deadline and closure oriented.

  • High Energy Levels. Should be self-driven.

  • Strong analytical, organizational and project management skills.

  • Demonstrated ability to lead and work with cross functional teams including senior level individuals.

  • Must be able to thrive in a fast-paced, rapidly evolving environment with varying priorities, based on a team building culture.

NewWave is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. NewWave is a proud Veteran friendly employer.

Options


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Security Analyst

Deloitte & Touche L.L.P.

Posted 2 months ago

VIEW JOBS 9/12/2019 12:00:00 AM 2019-12-11T00:00 Are you passionate about cyber and security challenges in information technology, associated with threats and vulnerabilities? Are you looking for an enriching experience to build your career and brand? If you are interested in a role that offers an opportunity to provide front line support to our clients instead of a "back office programmer" position then Deloitte's Federal Cyber Risk team could be the place for you! Join our team of Cyber Risk professionals who collaborate with government agencies, IT professionals, and clients to support cyber security and risk consulting engagements. Work you'll do As a Consultant within our Cyber Risk team, you will: * Work with Federal clients to mitigate cyber risk and threats * Identify opportunities for efficiencies in work process and innovative approaches to completing scope of work * Participate in team problem solving efforts and offer ideas to solve client issues * Conduct relevant research, data analysis, and create reports * Maintain responsibility for completion and accuracy of work products * Assist in proposal development, as requested * Actively expand consulting skills and professional development through training courses, mentoring, and daily interaction with clients The Team Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping Federal government initiatives today. Deloitte's Federal practice is passionate about making an impact with lasting change. Carrying out missions in the Federal practice requires fresh thinking and a creative approach. We collaborate with teams from across our organization in order to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated solutions provider in helping to transform the Federal marketplace. Our Federal Cyber Risk team is client focused and mission driven. Our team works across industries and sectors to respond more rapidly and effectively, providing recommendations to improve cyber threat detection. Qualifications Required: * Bachelor's Degree in Information Technology, Information Systems Security, Cybersecurity, or related field * 0-1+ year(s) of relevant consulting or industry experience * Proven experience effectively prioritizing workload to meet deadlines and work objectives * Demonstrated ability to write clearly, succinctly, and in a manner that appeals to a wide audience * Proficiency in word processing, spreadsheet, and presentation creation tools, as well as Internet research tools * Ability to obtain and maintain the required clearance for this role * Must be legally authorized to work in the United Statas without the need for employer sponsorship, now or at any time in the future Preferred: * Previous Federal Consulting experience * Understanding of fundamental cloud computing concepts * Experience with Information Assurance concepts and processes within the Federal government * Knowledge of and experience with Federal security regulations, standards, and processes including FISMA, FIPS, NIST, and FedRAMP How you'll grow At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte's culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impact on the world. Recruiter tips We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you're applying to. Check out recruiting tips from Deloitte professionals. As used in this posting, "Deloitte Advisory" means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. These entities are separate subsidiaries of Deloitte LLP. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law. Requisition code: E20BALCONMS73539 * * * * * * Deloitte & Touche L.L.P. Baltimore MD

Security Analyst

Newwave Technologies