Security Analyst (remote)
This is a remote position.
This position will be open and accepting applications until 5 PM EST on March 5, 2021.
Some Federal contracts require U.S. citizenship to be eligible for employment.
Ad Hoc is a digital services company that helps the federal government better serve people. Our team of experts from across commercial industry and government brings the modern skills necessary to help agencies transform public services into digital services. Our work enables agencies to meet the needs of their users while closing the gap between consumer expectations and government.
We are hiring a Security Analyst to support our federal health teams. This person will work with Ad Hoc product and engineering leads, as well as our government partners, to understand security and compliance requirements for a variety of initiatives, translate those requirements into effective but flexible processes that ensure compliance while minimizing burden on the product development lifecycle, and create related documentation for a wide variety of audiences.
The security analyst will test and review information systems in order to identify potential security weaknesses, recommend improvements to address vulnerabilities, and implement changes and document upgrades. They will also be required to assess the impact of system modifications while staying up to date on technological advances.
The successful candidate will be a strong communicator with demonstrated experience working with a variety of stakeholders to design and implement compliance processes that support the software development lifecycle. They should also have experience developing related documentation and other artifacts for a wide range of audiences and have an interest in leading internal efforts to share lessons learned and promote continuous improvement.
- All work must be conducted within the U.S.
- As a contractor to the federal government, all hires may be required to complete additional background screenings at the time of hire or any time thereafter as requested.
What You'll Do
- Provide accurate technical evaluations of the software application, system, or network and document the security posture, capabilities, and vulnerabilities against applicable NIST and ARS 3.1 controls.
- Configuration/Patch/Vulnerability Management - Perform scans of the system assets and review the results, identify the respective remediation for misconfigurations and weaknesses, and work with the system team to ensure timely implementation of a fix
- Participate as a member of the Incident Response Team by conducting forensic analysis and troubleshooting to assist in the containment and remediation of security incidents
- Develop metrics to measure and track compliance, risk and the effectiveness of the information security program
- Experience working with engineers for the automation of security controls.
- Experience executing Threat Modeling, Contingency Plans and Security Control Audits.
What You'll Bring
- 3+ years of experience in software design and development, architecture, operations.
- Previous experience supporting software teams in a security and compliance capacity, preferably within an agile environment. Some examples include translating security and compliance requirements into tasks, prioritizing tickets, removing blockers, developing plans to support development, and understanding how changes may impact software security and privacy.
- Understand how to create processes that support the delivery of secure and compliant systems while minimizing burden and impact on product teams. Has experience operating within the context of the full software development lifecycle.
- Take a consultative and proactive approach to understanding requirements, designing effective processes, and identifying opportunities for improvement.
- Experience delivering formal documentation (e.g., System Security Plans, Version Description Document, contracts, application documentation) and effective at translating complex technical terms for a wide variety of audiences.
- Capable of managing compliance efforts and reporting on progress across multiple teams.
- CISA, CISSP or HCISPP preferred, not required
- AWS Certified Security Specialty preferred, not required
- Company-subsidized Health, Dental, and Vision Insurance
- Use What You Need Vacation Policy
- 401K with employer match
- Paid parental leave after one year of service
- Continuing education/annual conference attendance stipend
Ad Hoc LLC is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, sex, sexual orientation, gender identity or expression, religion, age, pregnancy, disability, work-related injury, covered veteran status, political ideology, marital status, or any other factor that the law protects from employment discrimination.