United States – Must Work East Coast Hours
Up to 10% Travel
Primary Purpose and Goal of Role
Work with internal stakeholders and product engineering teams to drive key aspects of continuous monitoring requirements, support customer onboarding, and drive continuous improvements within the Security and Compliance program.
- Rapid assessment teams to identify gaps, risks and remediations for information systems
- Identify Boundary components in customer deployments
- Coordinate with internal stakeholder engineering teams to demonstrate the implementation of security compliance controls per technical, management, and operational requirements
- Perform vulnerability and compliance scanning, analyze results, provide assessments and reviews
- Audit security controls to ensure compliance with cloud requirements and governance models
- Support the development of technical material, operational processes, security policies, and other core documents
- Manage compliance metrics
- Write proposals demonstrating a sound understanding of basic contract language
- Manage the program for Plans of Action and Milestones (POA&Ms)
- Coordinate and manage onsite assessments with external stakeholders
- Interview subject matter experts and use that knowledge to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures
- Produce and edit technical drawings using MS Visio and similar design tools
- Clearly document client deliverables that specify a framework of policies and procedures that include all legal, physical, and technical controls involved in an organization’s risk management
- Bachelor's degree from an accredited university in English, Business Writing, Business Administration, etc.
- DHS Continuous Monitoring Program Education preferred
- Two years minimum writing technical documentation demonstrating knowledge of Cloud and Security concepts
- Two years minimum experience with NIST SP 800 Series, FedRAMP and FISMA and NIST SP 800-171
- Two years minimum writing, editing, and/or managing a wide variety of IT security documentation and familiarity with federal IT standards such as Federal Information Security Management Act (FISMA)
- Two years minimum working with NIST SP 800 Series, FedRAMP and FISMA, ISO27001, and NIST SP 800-171
- Two years minimum with cloud data security (FISMA/FedRAMP compliance) and working with public cloud solutions (AWS, Google, and Azure)
- Two years minimum interviewing subject matter experts and using knowledge to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures.
- Two years minimum producing and editing technical drawings using MS Visio or similar design tools
- Knowledge of Control Objectives for Information and Related Technologies (COBIT) framework
- Authorized to work in the United States without the need for visa sponsorship now or in the future
- Excellent verbal and written communication skills
- Ability to articulate complex information to both technical and non-technical audiences
- Team player who clearly and proactively communicates with internal and external stakeholders
- Ability to prioritize work to deliver on multiple projects simultaneously
Quzara LLC is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring based on sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law.