NewWave is an information technology company helping businesses and government agencies modernize and thrive by applying the power of technology. NewWave began making a mark in the federal healthcare space in 2004, where we continue to actively modernize systems to improve healthcare's value for millions of Americans. Since then, our work has expanded across various sectors and industries, where we help our customers stay ahead of the new and make the world in which we live better.
The Security Analyst is an individual with assigned responsibility for maintaining the appropriate operational security posture for a federal information system or program. This individual would require hands-on experience evaluating, designing, documenting, implementing, operating, testing, and monitoring security and privacy controls that support the information system security and privacy program.
Work with developers to refine security checkpoints in the SDLC and make sure information security risks are managed throughout all the phases of the SDLC.
Use automated tools to perform source code security analyses to identify vulnerabilities and attack vectors in web applications.
Provide FedRAMP requirements and guidance.
Provide Federal Information Security Management Act (FISMA) support and subject matter expertise.
Independently develop a variety of C&A deliverables including: System Security Plans, E-Authentication Risk Analysis, Privacy Impact Assessments, Annual Assessments, Contingency Plans, Incident Response Plans, and FIPS 199 Security Categorizations, etc.
Develop and maintain Plans of Action and Milestones corrective actions for audit findings.
Recommend system architecture solutions based on industry best practices and knowledge of Federal and organizational security guidelines.
Performs periodic internal audits, vulnerability assessments, and Web Application testing.
Maintains current knowledge of relevant technology as assigned.
Participates in special projects as required.
Hands-on experience with implementing, documenting, maintaining, and monitoring CMS Acceptable Risk Safeguards control requirements.
Experience in implementing and enforcing policies, procedures and guidelines in a complex environment.
Experience assisting with the implementation of an automated CI/CD DevSecOps pipeline.
Experience driving ATOs including the privacy controls specified in NIST SP 800-53 rev 4 Appendix J.
Experience in the development, implementation and operation of IT Security Strategy within a complex environment.
Knowledge and experience with security best practices and relevant legislation.
Experience with IT Security management, access policy and management, authentication and SSO, authorization, audit, secure communications and network protection, data protection and privacy, and security administration.
Understanding of, and ability to communicate, security and risk implications to technical and non-technical audiences.
Experience working as part of an agile scrum team, assisting with security-related tasks and deliverables associated with bi-weekly sprints.
Experience using vulnerability scanners such as Nessus, OpenVAS, Retina or Nexpose.
Experience running static analysis/static application security testing tools such as SonarQube, Fortify or Veracode.
Experience running dynamic application security testing tools such as WebInspect, AppSpider, Acunetix, AppScan, Qualys, Burp Suite Pro or OWASP ZAP.
Experience running component analysis tools such as Sonatype Nexus IQ, Synopsys Black Duck, OWASP Dependency-Check/Track.
Experience with GRC tools, such as CSAM, CFACTS, TAF, or Xacta.
Proficient in Microsoft Office (Word, Excel, PowerPoint, etc.) and Visio.
Ability to leverage Microsoft Project for project planning.
Excellent interpersonal, communication, and organizational skills.
Excellent written and verbal communication skills; must be able to communicate fluently in English both verbally and in writing.
Should be extremely facts and data oriented.
Should be deadline and closure oriented.
High Energy Levels. Should be self-driven.
Strong analytical, organizational and project management skills.
Demonstrated ability to lead and work with cross functional teams including senior level individuals.
Must be able to thrive in a fast-paced, rapidly evolving environment with varying priorities, based on a team building culture.
NewWave is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. NewWave is a proud Veteran friendly employer.