Remote with Travel to on-site location(s)
Nationwide IT Services is seeking an experienced Cybersecurity Analyst to support a task on its flagship contract. The ideal candidate will be experienced with performing security reviews/assessments of all customer systems/subsystems at various locations in the US, document findings and make recommendations to address any weaknesses/vulnerabilities. The Cybersecurity Analyst will report directly to the Program Manager and provide weekly reports/updates on progress as well as any issues/risks/concerns.
Travel will be required: Candidate must be willing to travel in the continental US and territories as there will be 10-11 trips per year for site assessments.
• Assess on premise and commercial cloud-based infrastructure, applications, and services within subsystems at a moderate security categorization following NIST Special Publications, e.g. NIST SP 800-37, 800-53, 800-53A, 800-137, to determine overall effectiveness of security controls implemented within or inherited by the information system and/or identify weaknesses.
• Conduct pre-assessment activities to understand the subsystem on premise and commercial cloud-based infrastructure, applications, and services as well as existing compliance and security posture in preparation for cybersecurity review
• Participate in on-site cybersecurity reviews of subsystems to verify and validate effectiveness of cybersecurity controls using interview, examine, and testing assessment methods
• Interface with all levels of personnel within subsystems as part of cybersecurity reviews, including system administrators, scientific staff, and management
• Document assessment results and contribute to deliverables, e.g. Security Assessment Plan and Security Assessment Report
• Contribute to Security Assessment Plans for cybersecurity reviews of subsystems
• Document assessment results of reviewed controls for subsystems in Security Assessment Reports
• Determine adequacy of any mitigating controls and factors for residual risk with subsystems
• Recommend remediation actions for identified weaknesses and vulnerabilities to protect on premise and commercial cloud-based infrastructure, applications and services within subsystems against loss of confidentiality, integrity and/or availability
• Have exposure and experience with a variety of IT technologies, architecture, concepts, best practices, and procedures, including commercial cloud environments. Customer subsystems on premise infrastructure consists mainly of Windows, Unix/Linux and Mac OS operating systems, including virtualized environments. Commercial cloud-based systems include those in Amazon Web Services (AWS).
• Provide specific recommendations to subsystems on how to correct weaknesses or deficiencies in the controls identified during assessment
• Track implementation of corrective actions by the subsystems.
• Bachelor’s Degree in Computer Science or related field required.
• 6-8 years of experience involving security review/assessments with federal government agencies to determine effectiveness of management, operational and technical cybersecurity controls
• Expertise/knowledge of Assessment and Authorization guidelines and security compliance standard operating procedures and processes
• Great analytical, critical thinking and problem-solving abilities
• Excellent verbal/written communication skills
• Ability to multi-task and support multiple tasks/activities
• Must be US Citizen or Authorized to Work in the United States.
• Ability to obtain and retain a Public Trust clearance
About Nationwide IT Services
NIS is an IT and Management consulting company, designated 8(a) by the SBA, and a CVE-verified Service Disabled Veteran Owned Small Business. Our mission is to deliver value-added services to our customers, leveraging technology, people, and industry best practices to implement innovative solutions through our trusted employees and team members.
Our benefits package includes medical, dental, and vision insurance, life and disability insurance, 401(k) plan with employer match, paid holidays, PTO (sick/vacation), commuter benefits, employee assistance program (EAP) and educational reimbursement.
Nationwide IT Services, Inc. provides equal employment opportunities (EEO) to all qualified applicants for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, genetics, disability or protected veteran status.