Information Security Analyst Lead

Job Description

Job Description

Description:

About Us

eSimplicity is a modern digital services company that partners with government agencies to improve the lives and protect the well-being of all Americans, from veterans and service members to children, families, and seniors. Our engineers, designers, and strategists cut through complexity to create intuitive products and services that equip federal agencies with solutions to courageously transform today for a better tomorrow.

Purpose and Scope

We are seeking an Information Security Analyst who is responsible for providing security support services while meeting security control compliance requirements for a portfolio of systems at various states of maturity and modernization. This role will provide support for continuously monitoring the cybersecurity posture of systems to secure against cyber threats.

The primary responsibility is to facilitate security tool and control implementation, security tool usage, and ensure tools and controls remain compliant and configured properly, all the while ensuring a successful program Authorization to Operate (ATO). Additionally, the expectation is to take ownership of communication and visualization of security issues, especially where coordination between product teams, information owners, engineering, and infrastructure staff is necessary for remediation.

The candidate will own coordination and response to the agency’s security-related inquiries, compliance with agency policy, security controls, and the maintenance of security documentation and artifacts. You will function as the primary liaison to provide timely and accurate responses to security-related data calls (System Security & Compliance Status, Vulnerability, and Compliance scanning issues) and provide security guidance throughout the system development lifecycle. This role requires interfacing with multiple stakeholders through multiple touchpoints weekly.

Responsibilities

• Work closely with Product Owners, other ISSOs, ISSMs, and engineering and infrastructure staff to provide guidance on the implementation of security policies, standards, and procedures.
• Analyze new or updated security requirements, collaborate with stakeholders, and develop responses that are clear and accurate.
• Support the review and update of ATO artifacts such as System Security Plans, Information System Contingency Plans, Configuration and Change Management Plans, Incident Response Plans, Privacy Impact Analyses, and more.
• Interpret security risk assessments, review security scan results, assess security vulnerabilities, and support the development and remediation of vulnerability and compliance issues via Plans of Action and Milestones (POA&Ms).
• Support the development and implementation of design documentation.
• Work with engineering and infrastructure personnel to document remediation for vulnerabilities and non-compliance issues.
• Analyze and interpret agency security requirements and provide governance communication to non-security personnel.
• Collaborate with product teams, ISSOs, and other stakeholders in support of continuous monitoring and ATO efforts.
• Conduct vulnerability assessments and monitor systems, networks, databases, and Web-based assets for potential system breaches.
• Recommend and take the lead on implementing changes to enhance security systems, prevent unauthorized access, and help mitigate security vulnerabilities.
• Respond to alerts from information security tools. Report, investigate, and resolve higher-level security incidents.
• Respond to security tool outages and degradations in service, tune security rules and alerts, and set up/maintain security tool dashboards and reporting.
• Research security trends, new methods, and techniques used in unauthorized access of data to preemptively eliminate the possibility of system breach.
• Ensure compliance with regulations and privacy laws. Conduct research to identify new attack vectors.
• Educate and communicate security requirements and procedures to all users and new employees.
• Recommend process improvements to the information system for risk mitigation.
• Support continuous improvement and security automation practices to strengthen the program’s overall security posture.
• Conduct audit log reviews, present findings, and plan for investigation or remediation activities.
• Perform periodic user and privileged access reviews.

Required Qualifications

• Minimum of 8+ years of related experience.
• Must hold a current Security+ certification.
• Bachelor’s degree in Computer Science, Information Systems, Engineering, Business, or a related technical discipline is preferred. Additional relevant experience may be considered in lieu of a degree.
• Experience designing security "baked-in" to architectures including Cloud and IaC, applications, web applications, data processing, data-centric applications, AI/ML, and CI/CD pipelines.
• A proven track record of seeking automation-driven designs.
• Familiarity with Agile methodologies.
• Working knowledge of AWS or Azure security tools, their functionality, and their purpose.
• Ability to assist customers with defining appropriate management processes (responsible for documenting application criticality, privacy, and security impact analysis).
• Knowledge of hardening standards (DISA STIG, CIS).
• Experience with the NIST Risk Management Framework, NIST 800-53 rev5, and NIST 800-171..

Desired Qualifications

• Federal Government contracting work experience.
• Experience as an ISSO for the DoD.
• Highly preferred industry certifications such as CISSP, CEH, GIAC, etc.
• Experience with Security Information and Event Management (SIEM) systems (e.g., Splunk).

Location and Hours

Location: This role is primarily remote; however, the employee must be able to report on-site to Fort Meade, MD when requested due to customer or business needs. The frequency and timing of on-site support may vary and cannot be guaranteed in advance.

Hours: Expected hours are 9:00 AM to 5:00 PM Eastern Time unless otherwise directed by your manager.

Travel: Occasional travel for training and project meetings, estimated to be less than 5% per year.

Benefits:

eSimplicity offers a comprehensive benefits package, including medical, dental, and vision coverage, 401(k) retirement benefits, paid time off, paid holidays, life and disability insurance, and additional wellness and employee support programs. Eligibility may vary based on employment status and applicable plan terms.

Reasonable Accommodation:

eSimplicity is committed to providing reasonable accommodations to qualified individuals with disabilities during the application and hiring process. Applicants who need assistance or an accommodation should contact Human Resources.

Equal Employment Opportunity:
eSimplicity is an Equal Opportunity Employer, including disability and protected veteran status. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, disability, or any other legally protected status.