Austin-based SDVOSB delivering application development, cybersecurity, instructional design and training to DOD and VA.
ISSO Security Analyst
Location
United States
Posted
7 hours ago
Salary
$85K - $90K / year
Seniority
Senior
Job Description
ISSO Security Analyst
MKS2 Technologies
• As a Security Analyst on our team, you’ll use your experience to work with Veterans Affairs (VA) Information System Owners (ISO), Information System Security Officers (ISSO), site managers, and other system stakeholders to coordinate and drive the completion of Risk Management Framework (RMF) steps 0-6 ATO activities and requirements, identify and mitigate risks, escalate project risks to leadership, understand and apply VA authorization policies and processes, and provide information system security expertise. • You'll ensure the appropriate operational security posture is maintained for information systems throughout the system’s lifecycle from product acquisition and installation through decommission. • You will complete and maintain very detailed security documentation and coordinate to execute ATO support duties that document security details related to system installations, a variety of IT systems, networks, hardware, and software in a variety of complex and simple installation sites. • You’ll work with your client to translate security concepts into actionable, implementable solution recommendations to help the client make informed security decisions from all aspects of IT deployments ensuring full commissioning is completed through deployment into production and decommissioning. • This is your opportunity to act as an information security and RMF subject matter expert while broadening your skills in cybersecurity.
Job Requirements
- Experience supporting all RMF steps, security categorizations, creating and updating security artifacts and FISMA security documents, control implementation details, and Plan of Action and Milestones (POA&M)
- Experience with National Institute of Standards and Technology (NIST) SP 800-53 security controls, RMF, and system authorizations and security compliance standards and processes
- Experience creating plans and approaches for executing product installation securely in accordance with agency authorization policy requirements for system major changes and development lifecycles, while identifying potential risks and working with system stakeholders to create mitigation strategies to reduce or eliminate risks
- Experience analyzing authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, and coordinate directly with system stakeholders to address identified gaps in accordance with required deadlines
- Ability to independently lead client-facing meetings and present complex ATO topics to the client
- Ability to organize, manage, and maintain large amounts of discrete data with various expiration dates across multiple systems simultaneously
- Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
- Bachelor’s degree in CS or Electronics Engineering and 5+ years of experience in information technology or 13+ years of experience in information technology in lieu of a degree
Benefits
- full benefits
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
• Gestão e acompanhamento de vulnerabilidades; • Monitoramento e investigação de eventos de segurança; • Apoio na operação e evolução de soluções SIEM; • Gestão de identidades e acessos (IAM); • Apoio na implementação de controles de segurança em ambientes Cloud AWS; • Participação em análises e tratamento de incidentes de segurança; • Elaboração e manutenção de políticas, procedimentos e controles de segurança; • Apoio às iniciativas relacionadas à LGPD e boas práticas de governança; • Interação com times técnicos para evolução contínua da postura de segurança da organização.
Senior Cybersecurity Analyst
Law School Admission Council (LSAC)LSAC is a not-for-profit organization committed to quality, access, and equity in law and education.
• Improve, manage, and provide direction re: LSAC Security Policies, Procedures, and Best Practices and maintain and enhance the formal Security Systems Program. • Assist in the Development of effective Cybersecurity policies to address existing and future threats such as AI computer policies, data governance and compliance. • Perform IT Security inspections, tests, system level audits and reviews of existing IT software and hardware to support and conduct the annual reviews to ensure compliance with SOC2, IT and Financial Audits, PCI/DSS, etc. • Evaluate and recommend new Security products and services (hardware and software). • Consult, monitor, and report on Security systems, e.g. such as intrusion prevention and detection systems, VPNs, and firewalls. • Perform network and system vulnerability scans and penetration testing on workstations, servers, network devices, and other computer systems and work with appropriate groups to close Security gaps. • Develop and support the development of automated tools that analyze the Security violations found in access control logs to discover patterns and evidence of problems. • Provide consultation and assistance to Infrastructure, Executive Staff, and other staff from other departments relating to information and systems Security. • Maintain a high level of confidentiality in identifying and aiding in resolving Security issues. • Monitor the networks and websites for the proper Security procedures, software configuration, and signs of compromise or attempted compromise. • Actively promote and enhance Security Awareness programs to LSAC staff and partnering with the Human Resources Department. • Participate in all Information Security projects and attend meetings to provide input and recommendations on issues that have an impact on LSAC’s Security infrastructure. • Evaluate and recommend solutions to current or potential Security threats as they relate to the data and computing environment. • Participate as a member of the Security Incident Response Team and Test Security Task Force. • Respond to Security incidents providing critical documentation and consultation by preserving all records indicating changes made to access control lists to facilitate investigations, as well as involvement to the response, root cause analysis, and implementation of a solution. • Keep abreast of the trends and issues in the industry related to Computer Security.
IT Security Analyst
Lakeside SoftwareLakeside Software helps IT teams monitor and optimize environments by focusing on the quantified end-user experience.
Role Description Lakeside Software is looking for a skilled Cybersecurity Analyst to strengthen our defenses and safeguard the integrity, confidentiality, and availability of our Azure cloud services and information systems. This role calls for a proactive, detail-oriented professional with a solid understanding of current cybersecurity threats and the ability to communicate clearly with stakeholders at all levels. You'll join a collaborative, forward-thinking team committed to protecting what matters most. What You'll Do - Conduct comprehensive security assessments to identify potential vulnerabilities in our Azure systems, networks, and applications. - Use Endpoint Device Management (EDM) solutions to remediate identified vulnerabilities through automated patch deployment. - Collaborate with engineering teams to address vulnerabilities that fall outside the scope of automated patching. - Utilize industry standard tools and methodologies to perform assessments and identify security gaps. - Execute regular vulnerability scans to uncover security weaknesses and ensure compliance with security policies and regulations. - Analyze scan results, prioritize vulnerabilities based on risk, and recommend corrective actions. - Monitor and review Indicators of Compromise (IOC) to detect and respond to potential security incidents. - Analyze threat intelligence and perform investigations to prevent or mitigate security breaches. - Collaborate with internal teams and external partners to contain and resolve security threats promptly. - Perform routine review of alerts and security logs to identify anomalous activity, escalate confirmed incidents, and maintain documentation of findings. - Conduct and document periodic user access reviews across systems and applications to support least-privilege controls and satisfy audit requirements. - Assist in responding to customer and prospect security questionnaires, including DDQs and vendor risk assessments, by accurately documenting Lakeside’s controls, certifications, and security practices in alignment with our security program and approved disclosure posture. - Performing special projects as required. Qualifications - Bachelor's degree in computer science or a related field, or equivalent experience. - 3+ years of experience in information security. - Strong technical documentation skills. - Hands-on experience with vulnerability scanning tools such as Tenable Nessus, Snyk Burpsuite, or equivalent. - Solid knowledge of cybersecurity frameworks and standards, including SOC 2, ISO 27001, and CIS. - Familiarity with information security features across Microsoft Windows, Linux, and macOS. - Experience managing Entra ID, EDM - Intune and Jamf, and EDR solutions. - Working knowledge of ITIL and NIST best practices. - Experience with threat detection and incident response, including analyzing and responding to IOCs. - Experience configuring and operating security tools including SIEM, WAF, EDR, and SASE platforms. Requirements - Knowledge of Azure Cloud Services. - Cloud security. Benefits - 20 Days Annual Leave. - 45 Days Annual Leave Maximum. - 4 Festival Days Named. - 8 Festival Days Select. - 12 Days Sick Leave. - 100% Paid Medical Insurance & GPA. - Wellness Programme. - 3x CTC Group Life Insurance. - Pension. - Employee Referral Scheme.
• Gestão e acompanhamento de vulnerabilidades; • Monitoramento e investigação de eventos de segurança; • Apoio na operação e evolução de soluções SIEM; • Gestão de identidades e acessos (IAM); • Apoio na implementação de controles de segurança em ambientes Cloud AWS; • Participação em análises e tratamento de incidentes de segurança; • Elaboração e manutenção de políticas, procedimentos e controles de segurança; • Apoio às iniciativas relacionadas à LGPD e boas práticas de governança; • Interação com times técnicos para evolução contínua da postura de segurança da organização.




