Security Analyst

By Light HQ
Remote
United States
Overview

By Light is hiring a Security Specialist to join our team developing and deploying a mission-critical IT system for the Department of Veterans Affairs. This position will audit environments for compliance against NIST and VA security and privacy control requirements. This role can work remotely from a home office.

By Light provides a broad range of hardware, software, engineering, and IT integration services. Headquartered in Arlington, VA, we support defense, civilian, commercial, and health IT customers worldwide. We offer an excellent benefits package that includes: medical, dental, vision, life and disability insurance, paid time off, paid holidays, and 401(k) match.

Responsibilities

  • The candidate will be responsible for conducting routine audits such as user access and permissions, matrix reporting for vulnerability remediation efforts, and tracking Plan of Action and Milestones.
  • Review and update security documentation.
  • Support vulnerability management.
  • Utilize a GRC tool such as eMASS for risk management.
  • Communicate complex and technical information to non-technical staff efficiently and clearly.
  • Respond to security incidents and provide detailed incident reports.
  • Recommend security enhancements to management or senior IT staff.
  • Stay current on the latest intelligence in order to anticipate security breaches.
  • Review system weaknesses and identify vulnerabilities in the system by conducting regular audits.
  • Review and track Nessus, Database, and Fortify Scan findings.
  • Be comfortable with audit, security, FISMA, ISO 27001, HIPAA, and HITECH requirements.
  • Respond to Veterans Administration program leads, National and International Program Managers to provide guidance and understanding on the priority of security and privacy requirements affecting development and acquisition programs.
  • NIST 800-37 Risk Management Framework and NIST SP 800-53 requirements analysis.

Required Experience/Qualifications

  • 4+ years of experience in managing security programs for a variety of IT products, systems, and networks, both small and large and complex.
  • Ability to ensure that records are maintained, security updates are promulgated, and staff are properly briefed.
  • Ability to identify and mitigate network vulnerabilities and explain how to avoid them.
  • Experience with network architecture, topology, and protocols, and familiarity with both operating systems and cloud platforms.
  • Experience in coordinating with organizational security teams to ensure program consistency and compliance with all security requirements.
  • Knowledge of organizational and agency-level security requirements, and the ability to ensure that systems and personnel comply with these standards.
  • Must have comprehensive knowledge of the various levels of information security requirements.
  • NIST 800-53 and Certification and Accreditation experience required.

Preferred Experience/Qualifications

  • Veterans Affairs experience preferred.
  • CISSP or similar certifications preferred.
  • Use of VA's eMASS tool is a very big plus.

Special Requirements/Security Clearance

  • Candidate must be able to successfully complete a background check for Tier 4 (High) public trust