Security Analyst

Experis IT is looking for a Security Analyst focusing primarily on application security. Knowledge of the NIST Risk Management Framework, application security testing, and vulnerability management is vital to this role. This is a contract-to-hire role where you will obtain a public trust and potentially be hired full time after 6-12 months. Please review the JD below and reach out to me for more information on this and other lucrative opportunities at Experis IT.

Job duties/responsibilities:

NIST Assessment and Authorization
Knowledge of the OWASP Top 10
Understanding of the operation of relational and NoSQL database systems (Oracle, MySQL, MapReduce, etc.)
Experience in Unix/Linux, Windows systems
Application penetration testing tool experience (e.g. Burp Suite, Core, ZAP)

Understanding of network-based protection systems
Understanding of information management and protection systems (AV, Patch management, etc.).
Understanding of System Security design (3-zone, partitioning, etc.)
Understanding of application development methods (DevOps specifically)
Understanding of systems hardening methods and standards (GPOs, STIGs, etc.)
Candidate must be a great communicator (both written and verbal) and be able to work with a group as well as independently
Experience with program security and information systems security best practices
Ideal candidate will be self-motivated, organized, and detail-oriented
GXPN, GPEN, KLCP, CEH, or equivalent certifications
Desired Qualifications: (desired experience, education, and training)
Experience in Federal security certification and accreditation
Understanding of NIST 800-53 policies and implementation
Experience with HIPAA and the Centers for Medicare and Medicaid (CMS)
Familiarity with applicable HHS and CMS policies, procedures and operating instructions related to program security, information assurance and information management

Assess security controls for various systems.
Assess application security to close findings or test vulnerabilities (utilizing Burp Suite).
Assist in process improvement and automation for the assessment methodology.
Conduct evaluations of information system components, management, and design, focusing on information security aspects and accreditation according to the NIST Risk Management Framework.
Utilize various information system inspection tools to audit systems, analyze potential vulnerabilities and identify mitigation approaches.
Review program documentation such as Risk Assessments, Security Plans, and System Design Documentation.
Conduct ongoing assessments of contractor facilities as needed to ensure compliance with security requirements, tailoring requirements as needed.

Experis is an Equal Opportunity Employer (EOE/AA)

