Senior Information Security Analyst

Knowledge Services, a leading multidisciplinary organization in the software, professional services, and cyber security industry, is seeking a seasoned Senior Information Security Analyst. This role represents a unique opportunity to become a key member of an exciting and growing organization driven by a commitment to excellence, innovation, and a passion for “Serving Those Who Serve Others.”

As a member of the StateRAMP Program Management Office (PMO), you will play a crucial role in addressing security-related challenges. You will identify and document gaps discovered during assessments, communicate these findings effectively, and provide valuable insights during meetings with Cloud Service Providers (CSPs) and representatives from Third-Party Assessment Organizations (3PAOs).

This position entails evaluating and monitoring the security measures of Cloud Service Providers (CSPs) during the StateRAMP authorization process and throughout the continuous monitoring phase to detect potential security vulnerabilities. The role is crucial for ensuring CSP’s solutions have effectively implemented the NIST SP 800-53 framework and StateRAMP requirements.

This position is responsible for ensuring that security measures align with the stringent requirements set forth by StateRAMP and the implementation of security technologies across CSP solutions that meet the NIST SP 800-53 framework.  This involves conducting thorough assessments of CSP ‘s system security product for StateRAMP authorization, analyzing and reporting on CSP’s continuous monitoring, and evaluating products in StateRAMP Security Snapshot program.  Additionally, the position will analyze reports for areas of risk and deficiencies, assess security vulnerabilities, make recommendations for improvements, and report compliance gaps that could jeopardize data integrity and confidentiality.

• Bachelor’s degree in computer science, information technology, information assurance, cybersecurity, or related field.
• In lieu of a degree, consideration will be given to an equivalent combination of related education and work experience.
• 3-5 years of prior experience in information security compliance, information security auditing, vulnerability management, and/or information security with a focus on NIST SP 800-53.
• Detailed knowledge of security and privacy standards and best practices, including current NIST Special Publication 800 series (800-53, 800-137, 800-145).
• Demonstrate excellent communication skills and the ability to drive reporting and security assessment activities.
• One or more of the following security certifications (or other relevant security certifications/experience):
• CRISC
• CISA
• SSCP
• CCSP
• GCLD
• GCIH
• Associate of (ISC)²
• CompTIA Security+
• Certified Ethical Hacker
• US Citizenship

Preferred Qualifications:

• Experience with one or more of the compliance areas: IRS 1075, MARS-E 2.0, FERPA, NERC, SOC 2, ISO 27001.
• Experience with StateRAMP or FedRAMP.
• Understanding of major CSPs (AWS, Azure, Google).
• Understanding of Agile framework/methodology.
• Experience in any of the following areas: Incident detection, technical writing, vulnerability scanning, system administration, network monitoring, endpoint security, vulnerability remediation, event analysis/investigation, firewall configuration/management

Additional Information:

This role additionally augments and assists Service Providers and 3PAOs with guidance, documentation review, and analysis of security packages pre-audit, and provides best practices and guidance to providers working to become StateRAMP Ready and Authorized. The Information Security Analyst will part of the StateRAMP PMO team and report to the StateRAMP PMO Manager.