U.S. citizenship is required.
All candidates must be able to obtain a Federal background clearance.
OmniSystems has an exciting opportunity for a Security Requirements Analyst in Frederick, MD. The Security Requirements Analyst acts as a security documentation and policy specialist, interfacing between the customer and IT security team. The ideal candidate is detail-oriented with strong written and oral communication skills as well as a strong technical background. He/she will be responsible for planning, developing, finalizing, and reviewing key documentation deliverables for the customer and other stakeholders. A strong understanding of the policies, standards, and requirements outlined by FISMA, NIST, OMB and other federal guidelines is required.
The Security Requirements Analyst will be engaged with key organizational personnel (technical, administrative, and executive) and the security engineering team to develop and manage security documentation throughout the system lifecycle in support of FISMA requirements. This includes, but is not limited to: system security plans, system boundary documents, contingency plans, disaster recovery plans, incident response plans, security impact analyses, POA&Ms, vulnerability assessment reports, and any other necessary documents to support a system’s authority to operate (ATO).
Bachelor's degree in a relevant subject or equivalent experience and a minimum of three (3) years of directly applicable work experience.
- Experience developing and maintaining security documentation required for ATO
- Understanding of the NIST 800-53 r4 framework and implementation requirements
- Experience developing and maintaining Standard Operating Procedures for organizations
- Working face-to-face with multiple stakeholders: interviewing, planning, or participating in a team effort to bring multiple complex projects to fruition in a highly motivated, fast-paced environment.
- Understanding of Cloud platforms (PaaS, SaaS, IaaS) and protections as described in FedRAMP is a plus.
- Familiarity with AWS and Azure platforms preferred
- Providing ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc.
- Familiarity with performing/preparing Security Impact Analyses (SIA) and how they fit into an organization's SDLC
- Knowledge of IT security architecture and design is a plus
- Knowledge of Windows operating systems.
- Knowledge of configuration standards (CIS Benchmarks, DISA STIGs)
- Responsible for the development of security documentation and policies.
- Attend meetings with other business units (Development/Test/Infrastructure/Management) to provide input from an information security perspective
- Perform Security Impact Analyses on every change to the system before implementation into the production environment
- Interface with the customer to ensure all security requirements are met.
- Work with Security Compliance/Engineering/Administration teams to maintain Standard Operating Procedures
- Ensure that all policies reflect current standards in place, including FISMA and other industry standards as required.
- Monitor compliance and conduct periodic reviews of policies.
One or more of the following, in good standing:
- Certification and Accreditation Professional (CAP)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Ethical Hacker (CEH)
- Certified Information Systems Auditor (CISA)
- CompTIA Security+
Work From Home - At the present time this role is primarily remote due to COVID-19 and will continue to be until such time that the COVID threat has been dealt with and our clients are able to return to normal office operations. At that time we envision that the position will have the opportunity to conform to pre-COVID teleworking arrangements where work from home for part of the week will be possible.