SAIC is seeking a Cyber Security Analyst in Washington DC. SAIC will support the Department of Health and Human Services (HHS) cybersecurity mission to ensure HHS can actively protect the vital health information with which it is entrusted, respond to existing and emerging cybersecurity threats, and continue to enhance the program to ensure HHS has the capability and capacity to respond to new and emerging requirements, technologies and threats.
The Cybersecurity Analyst ensures information and information technology (IT) assets are appropriately secure and compliant with federal regulations and industry-best security practices. The Analyst shall deliver services and support to the client delivery of Cybersecurity, Operations, Governance, Risk Management, and Compliance (GRC) services to support the client's Cybersecurity mission. The Information Assurance Analyst will plan and implement policies, procedures, standards, and controls to govern enterprise level protection of corporate information systems, networks, and data. The Information Assurance Analyst will stay up-to-date on the latest cyber-security intelligence, including hackers' methodologies, in order to modify frameworks, standards, policies, and security controls that govern cyber-security across the client's information resources.
The Cyber Security Analysts responsibilities will be:
- Perform control assessments against corporate cyber-security framework
- Perform review of policies and supporting procedures/processes to identify gaps
- Learn and master how to perform 3rd Party Vendor assessments using industry standards and best practices
- Other security-related projects that may be assigned according to skills such as assist in maintaining the Information Security Risk Registry
- Perform management, monitoring, and tracking of audit engagements to include coordinating with necessary stakeholders, crafting responses for government review and approval
- Ability to work with and collaborate with regional team members and provide guidance to subordinate divisions.
- Review, analyze, and provide guidance for Information Assurance Vulnerability Management compliance scans on networks & computing devices.
- Contribute to research and analysis and translate security policy and requirements to define best methods and practices.
- Work closely with project managers and senior technical leads to ensure work meets client objectives.
- Participate in the preparation of project briefings and reports.
- Create and maintain centralized tracking mechanism and repository for audit responses and artifacts to
- Create and maintain a centralized audit process and repository for the collection, aggregation and storage of audit responses.
- Develop System Security documentation, including FIPS-199 determination, e-Authentication, privacy threshold analysis, privacy impact assessment, system security plans (SSP), IA policies, Rules of Behavior, security test and evaluation (ST&E) plans, risk assessment plans and reports, business continuity plans, disaster recovery plans, incident response plans, contingency plan, contingency plan test report, plans of action and milestones (POA&M) development, exception and waiver letters development, annual security control self-assessment, and continuous monitoring activities.
- Bachelor's Degree in Computer Engineering, Computer Science, or Information Systems Management or equivalent work experience in the field of Cybersecurity
- Possess 1 current security certifications (e. g., Security+, CCNA, CCNP, Network+, CEH, SANS, AWS) or be willing to obtain within 6 months of assignment
- Entry-1 years' experience working in an Information Security Risk Management role - Entry
- 1-3 years' experience working in an Information Security Risk Management role - Junior
- Bachelor's Degree in Computer Engineering, Computer Science, or Information Systems Management or equivalent work experience in the field of Cybersecurity (+2 years)
- Working knowledge of information system standards such as (ISO, NIST, HIPAA, NIST, HiTrust, PCI, CIS, COBIT, etc.)
Apply on company website