Sr. Security Analyst

  • Full-time

Job Description

The Sr. Technical Security Analyst will support the Governance, Risk Management and Compliance program within IT Security. Primary responsibilities are to perform technical and non-technical risk assessments on systems to determine and communicate the level of existing and residual risk to business areas.

The ideal candidate will be a self-starter with a voracious appetite for learning and have an analytical mind that constantly looks for elegant and secure solutions to difficult problems. The candidate must be proficient and experienced in conducting risk assessments in a complex environment. The candidate must have the ability to convey complicated technology and security concepts to management and non-technical business areas. The candidate should have technical knowledge and/or experience in security, networking, systems administration, database administration, architecture and/or other technical domains. The candidate must have a desire to work in a vast and complex environment where encountering and learning new information is a part of the daily routine. This position is not for a traditional compliance environment with “checkbox” compliance requirements.


DUTIES AND RESPONSIBILITIES:

  • Work in a team environment to perform in-depth technical risk assessments of systems to determine risk level and mitigation strategies.
  • Work with the team to continuously improve the technology risk process and procedures.
  • Communicate potential weaknesses and associated risks identified by the risk assessment and compliance process.
  • Develop action plans and/or recommend alternative solutions to resolve risks and exceptions.
  • Provide oversight to ensure tracking of remediation plans for timely closure of risk issues.
  • Provide security consulting and advisory services to business units and project teams.
  • Research and maintain a knowledge base regarding information security risks, issues, solutions and potential implications.
  • Provide Security requirements for development teams as needed prior to application deployment.
  • Review vendor contracts for compliance with Security Policies and Standards and perform vendor risk assessments.

Qualifications

REQUIRED QUALIFICATIONS

  • Bachelor’s degree or equivalent work experience and a proven track record in the field of information security and/or risk management.
  • 5+ years of hands-on technology, risk, security and/or governance experience.
  • Must have in-depth knowledge of common information security topics, policies and standards.
  • Excellent verbal and written communication skills with the ability to understand business requirements.
  • Must be able to develop risk management strategies that align with business goals and objectives and protect the confidentiality, integrity and availability of information systems and data.
  • Project management experience on information security processes and within software development life cycles is desired.
  • Familiarity with measures and metrics used in risk assessment methods and/or vulnerability assessment processes.
  • One or more of the following certifications: CISSP, CISA, CISM, CRISC.
  • Thorough technical knowledge of the following areas: IT Audits, IT Governance, Risk and Compliance, Information Security and/or Technical Privacy.
  • Solid organizational skills and strong customer service skills.


DESIRED QUALIFICATIONS

  • Amazon Web Services (AWS) security or compliance knowledge
  • Knowledge of Application Security (OWASP) risks
  • Knowledge of Network Security
  • Security Awareness

Additional Information

  • Job Location:   Ashburn, VA (On-site only)
  • Job Type:   Full-Time (W-2 Only)
  • Pay:   Up to $140K/yr (Depends on Experience)
  • Clearance:   Lawful authorization to work in the U.S. for any employer