• Security Analyst

    Cognosante Mc Lean, VA 22106

    Job #1775118216

  • Security Clearance required:

    Able to obtain Public Trust

    Cognosante is on a mission to transform our country's healthcare and national security systems. With our health and security-focused solutions, we help public sector organizations achieve the important task of providing the best possible public services to American Citizens. From Enterprise IT, Data Science, and Security Services, to full-scale Consumer Engagement and Interoperability solutions, we are moving government services forward with transformation and innovation. Learn how we are making a difference in people's lives today!

    Job Description

    We are seeking a seasoned Security Analyst with experience in cyber security policies and threat mitigation. Must have knowledge and experience in cyber security tools, network topologies, intrusion detection, PKI, and secured networks. Must understand processes and activities associated with implementation and security levels and roles necessary for successful deployment. The candidate will be assigned to support of VA Cloud Operations and Migration Services (COMS) capability to provide operational input and support for the operations, maintenance, and refinement of VA's Enterprise Cloud (VAEC) environment, execution support for migrating new and legacy VA applications and services to cloud computing and continuous improvement of VA's IT infrastructure.

    Key Responsibilities

    • Direct, ensure the effectiveness of, and/or oversee the work of teams of security analysts assigned to support each of the above disciplines

    • Apply domain-specific security knowledge and subject matter expertise to ensure the successful execution of security management functions

    • Analyze systems, data, and operating environments to determine appropriate safeguards and evaluate the effectiveness of implemented security controls

    • Validate the configuration of servers, workstations, network devices, and other equipment against government or industry security standards

    • Perform security testing on applications, networks, and operating environments, using automated and/or manual methods appropriate for the IT assets being tested

    • Analyze the results of vulnerability scans, configuration checks, and security alerts to identify and understand weaknesses or deficiencies and determine remedial actions

    • Create, update, and maintain technical and security documentation about systems, networks, and operating environments

    • Possess ability to identify key concepts, factors and risks based on conversations and document these in clear and concise narrative or graphic reports.

    • Provide security expertise/perspective to support operational processes and procedures including configuration control, maintenance, continuity of operations, and incident response

    Security Access Management

    • Identity and access management, privileged identity management, and system access monitoring

    • Mainframe security on IBM and Bull mainframe platforms and related systems

    • End-user and privileged authentication and authorization

    Risk Management

    • Support for internal and external compliance audits and assessments

    • Risk identification, assessment, response, tracking, and monitoring

    • Monitoring and management of findings and corresponding corrective actions

    • Development and reporting of security metrics

    Information Assurance

    • Support security assessment and authorization processes and activities, including developing or contributing to the development of security documentation and other artifacts

    • Monitor changes to applications, networks, infrastructure, and operating environments

    • Provide audit support for internal and external audits and reviews

    Technical Security

    • Operating, maintaining, and tuning security tools deployed in data centers housing mission critical data and systems

    • Detect, respond to, and forward critical security alerts related to compliance policy violations, new or emerging threat sources and vulnerabilities, and Advanced Persistent Threats (APTs)

    • Implementing and executing incident response procedures

    • Performing vulnerability and compliance scanning and assessments

    • Collecting and aggregating log and security event information

    • Maintaining web application protection and web application vulnerability monitoring, assessment, and reporting

    • Reviewing and maintaining Standard Operating Procedures for intrusion detection and prevention, security information and event management, incident response, vulnerability assessment, and other applicable security activities and processes

    Application Administration

    • Patching, upgrading, and maintaining server operating system platforms

    • Performing web development (including scripting and/or programming) for audit and risk management application

    • Support application development activities for configuration and maintenance

    • Develop and maintain complex and ad hoc reports and dashboards for security and risk management information

    • Providing customer support, including telephone, email, and message channels, for risk management application

    • Developing and delivering technical documentation and user guides

    Required Qualifications

    • A minimum of 5 years of relevant work experience

    • Bachelor's degree in computer science, electronics engineering or other engineering or technical discipline is required. (8 years of additional relevant experience may be substituted for education)

    • Thorough knowledge to create plans to assure effective management, operations, and maintenance of systems and/or networks

    • Manages teams of system admins and is able to prioritize work and identify high risk critical problems and dedicate appropriate resources

    • Has extensive knowledge of a wide variety of systems and networks to include high volume/high availability systems.

    Candidates that do not meet the required qualifications will not be considered.

    Preferred Qualifications

    • One or more advanced security certifications (e.g., CISSP, CISM, GCPM, CSLC, etc.)

    • Advanced or specialized security certification in disciplines such as penetration testing, incident handling, intrusion analysis, or computer forensic investigation

    • ITIL certification

    • Experience with VA's configuration of IBM Rational Toolset for management, configuration and reporting of work products.

    • Experience with Agiliance Risk Vision or similar governance, risk, and compliance management tools

    • Familiarity with the VA Handbook 6500 and subordinate publications

    • Experience working in a ITIL, ISO 20000, or ISO 27000 environment

    • Active clearance for Public Trust (High-Risk) Position

    • Expert-level knowledge of federal security laws, regulations, and standards, including but not limited to FISMA, HIPAA, NIST CyberSecurity Framework, FIPS Publications, and Special Publications

    • Familiarity with all phases of the NIST Risk Management Framework and the achievement and maintenance of authorization to operate (ATO) for federal information systems

    • Prior experience performing or overseeing continuous monitoring/continuous diagnostics and mitigation activities

    • Ability to obtain Public Trust (High-Risk) Position security clearance

    We're solving Americans' health and safety challenges with technology, innovation, and purpose.

    At Cognosante, we help improve how the nation delivers services to its citizens through innovation and transformation. We're committed to creating positive results with lasting impact, and are always looking for passionate people who share our values to join the Cognosante family.

    Cognosante was founded to address a critical gap in the health IT market-the need for a smart, nimble company, unencumbered by legacy systems and unafraid to challenge accepted wisdom. We have been able to extend out impact beyond health and into security and social services. Our continued success is the result of our expertise and insights, combined with our actively fostering a culture that encourages diversity of people and ideas.

    Every day, we help government agencies solve difficult problems. We're ensuring health professionals have accurate, secure, and timely health data so Americans get the healthcare they need. We help Federal and State agencies navigate healthcare reform and empower their technology transformations. We're addressing the social determinants of health to remove barriers to healthcare access. And, we're proud to help our military do its job more safely by leveraging stronger IT networks and using cybersecurity and biometrics technologies that replace outdated legacy solutions. We're also helping create more options for Veterans, active duty military personnel, and their families to obtain health services in their communities.

    Passion for what we do. Pride in how we do it. At Cognosante we are all VIPS. We create value by being enterprising. We develop innovative ideas and solutions. We perform at our best and deliver results. We share achieved results and recognitions.

    Are you ready to make a difference in the lives of millions? Join us.

    Highlighted Benefits for Full-time Employees

    •Medical • Dental • Vision • 401k • Flexible Spending Accounts • Paid Time Off • Work/Life Solutions • Pet Insurance

    Cognosante is an equal opportunity employer (~~~) . We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics. If you'd like to view a copy of the company's affirmative action plan or policy statement, please email ~~~ . Cognosante is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to ~~~ and let us know the nature of your request and your contact information.

    T o all recruitment agencies: Cognosante does not accept unsolicited agency resumes. Please do not forward unsolicited resumes to our requisitions, any Cognosante email address, any Cognosante employee, or to any company location. Cognosante is not responsible for any fees related to unsolicited resumes.

    COVID-19 isn't stopping our hiring process nor our business as (semi) usual. We're still reaching candidates, virtually and we're still working, remotely! Are you a self-starter who likes to work from home and is interested in this position? Apply today!

    Quick tips on virtual hiring success:

    • Test your tech -make sure your internet connection and video conferencing program are both working prior to your interview.

    • Dress appropriately -dress for success and ensure your surroundings are tidy.

    • Be prepared -do your homework, rehearse your responses to key interview questions, and prepare your own questions.

    • Be personable -make eye-contact, smile often, and demonstrate enthusiasm for the role.

    • Remove distractions -engage with the interviewer by removing all distractions, including your smartphone.

  • You Can Also Try Searching