IT Security Analyst

Richmond, VA
Contracted
Experienced
Location: Richmond, VA - Must live within 50 miles
Position Type: Hybrid
Hybrid/Onsite Schedule: 3 days onsite
Contract Length: 4 months with extension


Document and address the organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle.

Required Skills:
  • 5 years of experience with NIST 800-53 rev 5 and/or Criminal Justice Information System (CJIS) specifications for an information security management system.

  • 5 years of experience with software development lifecycle, vulnerability management processes, and role-based authentication methodologies.

  • 5 years of experience working with programming languages such as Python, Java, JavaScript, C++, C#, SQL, HTML, CSS, and/or COBOL.

  • 5 years of experience using automated vulnerability scanners like Nessus, Qualys, Retina, and/or Tenable.

  • 5 years of experience using web application security testing tools such as Burp Suite, Fortify, and/or AppScan.

  • 5 years of experience with basic scripting skills (e.g. WDL, VBScript, JavaScript, PowerShell, Python) for automation.

  • 5 years of experience working with IT security or risk assessment certifications such as CISM, CCSP, CISSP, CEH, CompTIA Pentest+, and/or CompTIA Security+.

Duties:
  • Perform vulnerability management activities, including assessment, tracking, and coordination of remediation efforts across applications, infrastructure, and endpoints.

  • Conduct internal application penetration testing, document findings, and recommend security improvements.

  • Analyze the security impact of application, configuration, and infrastructure changes as part of the change management lifecycle.

  • Evaluate and document the security posture of new systems or system interfaces and their impact on the existing environment.

  • Assess configurations of applications, servers, and network devices for compliance with security standards.

  • Investigate and respond to security incidents, providing thorough post-incident analysis and reporting.

  • Perform annual password security audits and coordinate organization-wide user access reviews.

  • Implement and support Secure Software Development Lifecycle (SSDLC) practices and DevSecOps processes.

  • Identify, analyze, and document the impact and risks of newly discovered vulnerabilities.

  • Determine appropriate security controls and protection needs for information systems and networks.

  • Create and maintain documentation and desk procedures for all security-related processes.

  • Automate and script recurring security tasks and processes to improve efficiency.

  • Collaborate and communicate effectively with stakeholders to address and manage security risks and requirements.
