The IT Security Analyst is responsible for completing and maintaining system security plans (SSP) for new and existing systems. This requires close coordination with IT project teams, business and enterprise security representatives, and product owners, to establish and maintain processes and controls for security vulnerability remediation.
Job Duties
- Create system security plans (SSP) for new applications in alignment with the Secure Application Development Life Cycle (SADLC) and Michigan Security Accreditation Process (MiSAP).
- Maintain SSPs for existing applications requiring authority to operate (ATO) and those facing software and/or hardware enhancements.
- Continuously monitor plans of action and milestones (POA&M) and corrective action plans (CAP) as they relate to the SSPs in collaboration with the MDOT Enterprise Information Management (EIM) office.
- Validate respective SSPs to ensure NIST control requirements are met.
- Author recommendations associated with your findings on how to improve the customer’s security posture in accordance with SOM PSP & NIST controls.
- Assist team members and vendors with proper artifact collection to satisfy assessment requirements
Requirements1 year:
- Experience in the IT industry analyzing and applying information security principles and practices
- Experience reviewing IT systems/applications plus basic knowledge of networking components and various operating systems Experience analyzing the applicable NIST Special Publications 800-37 Revision 1, 800-53 Revision 3,4 or 5, and 800-53A Revision 1.
Experience working independently and in a team environment
Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
Ability to collaborate on multiple projects/efforts at a given time
Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change
Desired Skills
2 years:
- Experience with other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements
- CISSP, CISA, PMP and/or Security+ certification
- Experience working with software vendors to implement security controls
Minimum Education
Location
- Local candidates ONLY
- Position is a hybrid schedule with 2 days/week in office, first six months in person days must be Tuesday/Wednesday.
- Working hours Monday-Friday, approximately 8:00 a.m. to 5:00 p.m.
Additional Requirements
- Must be authorized to work in the United States; We are unable to offer sponsorships at this time
- Must undergo a background check and drug screening for employment.
Employment Terms
- This is a W2 position
- 40 hrs per week
- HYBRID schedule - 2 days/week in office, first six months in person days must be Tuesday/Wednesday.
About Zenfreed
At Zenfreed, we are more than an IT company. We bridge the gap between people wanting to do the work they were meant to do and organizations needing the right talent.
We are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.
BenefitsWe understand a comprehensive benefits package is crucial to employment satisfaction. We offer medical, dental and vision coverage options for all employees.