$ 80750 - 145000
1 Vacancy
Index Analytics LLC is a rapidly growing Baltimore-based small business providing health-related consulting services to the federal government. At the center of our company culture is a commitment to instilling a dynamic and employee-friendly place to work. We place a priority on promoting a supportive and collegial team environment and enhancing staff experience through career development and educational opportunities.
The Technical Security Analyst performs cybersecurity-related tasks designed to safeguard the security of systems and information assets by protecting against unauthorized access, modification, or destruction.
The Technical Security Analyst demonstrates expertise in various systems administration concepts, practices, and procedures. They rely on extensive experience and judgment to plan and accomplish goals. They perform a variety of complex tasks, and a wide degree of creativity and latitude is expected. They may provide consultation on complex projects and be a top-level contributor/specialist in the department. They must be an expert at problem-solving, identifying risk, and communicating results and recommendations to department management.
The Technical Security Analyst will:
Perform technical support focused on developing, operating, managing, and enforcing security capabilities for systems and networks.
Analyze information security systems and applications, then recommend and develop effective security measures.
Identify, report, and resolve security violations.
Evaluate information technology (IT) infrastructure in terms of risk to the organization and establish controls to mitigate loss.
Determine and recommend improvements in current risk management controls and system changes or upgrades.
Implement network security procedures to ensure network security and protect against unauthorized access, modification, or destruction.
Responsibilities
Use automated tools to perform static source code and dynamic security testing to identify vulnerabilities and attack vectors in web applications.
Provide support for proposing, coordinating, implementing, and enforcing information security policies, standards, and methodologies.
Perform vulnerability/risk assessment analyses to support certification and accreditation.
Provide configuration management (CM) for information system security software, hardware, and firmware.
Recommend changes to systems and assess the security impact of those changes.
Prepare and review documentation to include Systems Security Plans (SSPs), Risk Assessment Reports, access or incident logs, and other documentation.
Support, implement, maintain, and monitor security and privacy controls in compliance with Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), Federal Risk and Authorization Management Program (FedRAMP), and National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) requirements and guidance; knowledge of Cybersecurity Maturity Model Certification (CMMC) requirements is a plus.
Plan, document, implement, assess, maintain, and monitor security and privacy controls per requirements, policies, standards, processes, and procedures.
Support audits, assessments, penetration test-related documentation requests, and vulnerability remediation efforts.
Document and maintain a Plan of Action and Milestones (POA&M) for weaknesses identified in security tests and audits.
Perform periodic internal audits, vulnerability assessments, and security testing.
Maintain current knowledge of relevant security and privacy trends and technology.
Qualifications
US citizen or Authorized to Work and lived in the US for 3 of the last 5 years. Must be able to obtain a U.S. Federal government client badge and pass a government Public Trust.
Bachelor's degree with at least 4 years of experience or an associate's degree with at least 6 years of experience; no degree with at least 8 years of experience will be considered.
Knowledge of Microsoft Security and Compliance is a must.
Experience working with Microsoft Defender is required.
Certified Information Systems Security Professional (CISSP) certification is preferred.
Certified in Risk and Information Systems Control (CRISC), Computing Technology Industry Association (CompTIA) Advanced Security Practitioner (CASP), and/or Certified Information Security Manager (CISM) certification holders will also be considered.
Hands-on experience with implementing, documenting, maintaining, and monitoring NIST, HIPAA, and FedRAMP control requirements.
Knowledge of FISMA compliance, FedRAMP and NIST security guidance and publications, HIPAA, and related privacy and compliance regulations.
Experience in enforcing policies, procedures, and guidelines in a complex environment.
A good understanding of and ability to communicate security and risk implications to technical and non-technical audiences.
Knowledge and experience with security best practices and relevant legislation.
Excellent interpersonal, verbal and written communication, and organizational skills; must be able to communicate fluently in English both verbally and in writing.
Meet deadlines with success.
Strong analytical, organizational, and project management skills.
Ability to thrive in a fast-paced, rapidly evolving environment with varying priorities.
Working knowledge of development, security, and operations (DevSecOps) principles (such as continuous integration and continuous delivery (CI/CD), test automation, etc.), process automation, and tools.
Experience evaluating DevSecOps tools such as Amazon Web Services (AWS) CI/CD, NewRelic, Splunk, Git, CloudBees Jenkins, Docker/OpenShift, SonarQube/Fortify/Nessus, and LaunchDarkly for security risk and compliance.
Experience using vulnerability scanners such as Nessus, OpenVAS, or Nexpose.
Experience running static analysis/static application security testing tools such as SonarQube, Fortify, or Veracode.
Experience running dynamic application security testing tools such as WebInspect, AppScan, Qualys, Burp Suite Pro, or OWASP ZAP.
Proficiency in Microsoft Office (Word, Excel, PowerPoint), Project, and Visio.
Experience securing cloud-based environments such as Microsoft 365 (Entra, Intune, Defender), AWS, and Azure Cloud.
Government experience is a plus.
Attention Candidates
We're dedicated to ensuring a safe and transparent recruitment process for all candidates and have implemented robust measures to protect your personal information. Please be aware that all employment-related communications will originate from a secure portal or a corporate email address. If you have any concerns, please don't hesitate to reach out to us
If you are selected for an interview, please be advised that Index Analytics LLC reserves the right to prohibit the use of artificial intelligence (AI) tools, including but not limited to AI-generated responses, real-time transcription, or automated assistance, during the interview process. We value authentic interactions and the opportunity to engage directly with candidates. Any unauthorized use of AI may result in disqualification from consideration.
The salary range provided represents the estimated compensation for new hires in this position, applicable across all locations. Actual offers may vary based on factors such as the candidate's skills, qualifications, experience, and market conditions. Index complements its base salary offering with a competitive package that includes health and retirement benefits, discretionary bonuses, and reimbursement for professional development opportunities.
Index Analytics provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
Required Experience:
Senior IC