• Analyze application architectures to identify security risks and potential attack paths • Perform secure code reviews and vulnerability assessments, recommending effective remediation • Integrate security tools and automated checks into CI/CD and DevOps pipelines • Use static and dynamic scanning tools to identify, prioritize, and track security findings • Partner with developers and operations teams to embed security throughout the SDLC • Document and report application security issues, including remediation guidance and validation • Support new application and technology launches to prevent misconfigurations and data exposure • Collaborate with red teams, threat intelligence, and risk teams to reduce overall attack surface • Communicate security risks clearly to both technical and non-technical audiences • Support internal and external audits focused on compliance and risk reduction • Help define metrics and KPIs that demonstrate the effectiveness of the application security program • Participate in change management discussions and continuous improvement initiatives

• The Epic Security Analyst provides an intermediate level of operational and application build in completing routine and occasionally more sophisticated assignments to meet customer goals and desired outcomes. • Task and assignment focus are typically on medium to large projects, performing workflow analysis, build, and documentation in collaboration with internal and external team members. • Based on core knowledge of application and operational requirements can translate requirement/concepts into functionality. • Assigned to various work/projects and demonstrates an ability to successfully complete assigned tasks/assignments, proactively connect with manager to prioritize workflow and mitigate risks, track issues, provide solution-oriented escalation, and understand fundamental project management methodologies. • Participates in re-engineering of operational work-flow processes with end-users/business owners and maintains fundamental understanding of assigned departmental operations. • Facilitates end-user/business owner needs into system specifications and configuration requirements. • Manages navigation of migration paths, change control process/governance, and ticket management processes. • Maintains high standards for quality application design, build, testing, and other tasks; ensures adequate documentation is provided for support and end-user training.

• Analyze and fully reproduce potential security findings reported to our clients • Communicate with the global researcher community to gather information and inform them of triage analysis outcomes • Author and deliver NCC-quality vulnerability reports to the specifications of individual clients • Drive or contribute to projects that improve Bug Bounty Services’ tooling, operational processes, and delivery quality

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description DecisionPoint Corporation is seeking an Information Security Analyst to join our team! This role will support the design and implementation of a comprehensive approach to securing government networks and applications while ensuring compliance with federal security and oversight requirements. This position is fully remote. This requisition is contingent upon additional funding. Duties & Responsibilities - Provide guidance to ensure project compliance to the United States Government Baseline (USGCB) for IT Security, taking into account agency policies, default configurations and settings, IPv6 security capabilities, and any other potential IPv6 requirements. - Provide technical expertise of computer security laws, mandates, standards and policies in accordance with the Federal Information Security Management Act (FISMA) as amended, National Institute of Standards and Technology (NIST) Special Publications (SPs), Office of Management and Budget mandates, the Department of the Treasury policies for information security requirements and Federal Risk Management Program (FedRAMP) authorization process. - Utilize technical expertise of computer theories, principles, practices and industry standards to complete computer security related functions that include certification and accreditation of government information and telecommunications system, IT disaster recovery and business continuity planning, and risk management activities. - Represent the project in internal and external meetings, working groups, and integrated project teams to provide IT security compliance requirements. - Help in evaluating relevant global standards, compliance frameworks and regulations to analyze existing controls; identify areas for improvement; and design control growth. - Participate in internal security and compliance program and track recurring controls. - Help support customer security reviews, RFPs and external security and privacy inquiries. - Help support internal/external audits and evidence collection. - Document new and update existing policies, procedures, standards and resources. - Participate in Security awareness program, train personnel on data security & privacy related processes and responsibilities. - Participate in defining, collecting and tracking various Security Metrics. - Support vendor management, including vendor risk assessments and security reviews. - Ability to prioritize in a highly dynamic work environment. Qualifications - Ability to obtain a Public Trust and EOD. - Bachelor and three (3) years' or Master and (2) years' experience. - Three (3) years of experience working in information security or compliance, NIST, FISMA, ATO experience. - Technical understanding of IPv6 security requirements and associated network protocols. - Expert-level knowledge of Zscaler security solutions and their implementation in enterprise environments. - Ability to work closely with cross-functional stakeholders. - Ability to communicate effectively, in writing and verbally, to target audiences, including customers, partners, auditors, executive management, vendors, and peers. Desired Skills & Abilities - Work experience with ISO 27001 compliance standard. - Experience working with Security Controls across at least some of the following domains: Access Management, Encryption, Risk Management, Network Security, Configuration Management, Patch Management, Change Management, Awareness & training, BC/DRP, etc. - Ability to balance risk, potential impact, resourcing, business drivers, and timelines. - Advanced degree in computer science, information technology or Information security. - Ability to prioritize in a highly dynamic work environment. Our Equal Employment Opportunity Policy DecisionPoint Corporation is an Equal Employment Opportunity and Affirmative Action employer. It is the policy of DecisionPoint Corporation to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws. Pay Transparency Policy In accordance with Presidential Executive Order 13665, DecisionPoint Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. Authorization to Share Resume and Personal Information By expressing your interest and submitting your resume for this position, you authorize DecisionPoint Corporation to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should DecisionPoint Corporation or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.