Information Assurance Security Analyst (SR) (0048) Jun 26, 2018
Austin, TX  
  Requirements
Security Analyst, Senior (0048)
Information Assurance Security Analyst
Location: Austin, TX

LABOR CATEGORY DESCRIPTION:
Security Analyst has experience in the concepts, terms,
processes, policy and implementation of information
security. Must have experience and knowledge of the latest
security measures at all stages of an information system
life cycle. Must have the ability to solve complex
problems involving a wide variety of information systems.
Must be able to understand and differentiate between
critical and non-critical systems and networks.

JOB DESCRIPTION/RESPONSIBILITIES:
The Contractor shall provide 24x7x365 support as required
to the Information Assurance Service Line
which provides support for Assessment and Authorization
(A&A) processes and Continuous
Monitoring for 300+ Minor and Major applications serving
ITOPS IO datacenters as well as
expanding Major application support for Other Government
Agencies. Technically, all 300+ A&As are
continuously ongoing year-round and are part of continuous
monitoring.
Contractor shall ensure the Contractor-provided analysts
maintain subject matter expertise level of a
Certified Authorization Professional (CAP®) on related
criteria and guidance such as Federal
Information Systems Management Act (FISMA), NIST Special
Pubs, OMB Memorandum, Privacy Act,
HIPAA, applicable VA directives and handbooks IAW 2.0, and
local directives and handbooks.
The Contractor shall:
1. Experience using governance risk and compliance tools.
Research and gather data relevant to the development of
security artifacts through multiple
techniques such as interview or the use of automated tools
and data repositories (e.g. CA SDM,
Agiliance Risk Vision Governance Risk and Compliance tool,
SharePoint, Vulnerability
Management Database)
2. Develop and maintain A&A security artifacts and
supporting documentation that meets all
applicable FISMA, NIST, VA and ITOPS IO criteria to
include:
a. System Security Plan
b. Contingency Plan
c. Risk Assessments
d. Privacy Impact Assessment
e. Privacy Threshold Analysis
f. Incident response plan
g. Configuration Management Plan
h. Security Configurations Checklists
i. Interconnection Security Agreements
j. Self-Assessment
k. Security Impact Analysis
3. Act as the customer liaison for A&A processes and
related requirements providing timely,
courteous and informative Customer Service
4. Coordinate and monitor the progress of vulnerability
scanning and compliance testing from
NSOC and ITOPS IO Technical Security
5. Monitor changes to the application such as key
stakeholders, hardware, software, hosting
environment using provided tools such as CA Service Desk
Manager. Monitor flaw remediation
using tools such as Nessus Enterprise Web Tool (NEWT).
6. Analyze and recommend to COR/ITOPS IO VA PM(s)
information assurance policy guidance to
disseminate to both internal and external customers. Any IA
policy guidance changes shall be
approved by the COR/VA PM prior to any dissemination.
7. Assess security controls for annual FISMA self-
assessment testing through interviewing
stakeholders, documentation review, analyzing scan results,
and reviewing other audits/reviews
for applicable findings.
8. Provide status updates as requested to COR/VA PM(s).
9. Act as liaison to the customer to provide audit support
for both internal and external audits and reviews.
10. Review and respond to audit provided by customer
requests through COR/VA PM(s).
11. Periodically perform user-acceptance testing of the
tools and features within the Agiliance
Governance Risk and Compliance (GRC) tool utilized for A&A
processes.
12. Perform user-acceptance testing of Standard Operating
Procedures and Job Aid materials that are used internally
by the Information Assurance Service Line staff.
DUTIES:
Developing and updating A&A security artifacts such as
security plans, contingency plans, risk assessments,
privacy impact assessments, incident response plans,
configuration management plans, configurations checklists,
and interconnection security agreements. This business
also includes continuous monitoring, self-assessment
testing, and audit and compliance support.

BASIC QUALIFICATIONS:

Steady employment with no lapses between jobs
Experience with governance risk and compliance tools
NIST 800-53 experience
FISMA compliant Assessment and Authorization experience
Certification and Accreditation experience
Knowledge of emerging trends in IT, and how they relate to
IT security (cloud computing, mobile computing,
virtualization, PCI and SOC compliance)
Advanced knowledge of SIEM, FIM, DLP, IDS/IPS, firewall and
anti-virus/malware solutions
Advanced knowledge of information security principles and
practices: security risk assessment standards, risk
assessments methodologies, and vulnerability assessment
Experience implementing policies, procedures and practices
to meet PCI requirements
Risk Management Framework experience
CISSP or CAP certified
Self-motivated and assertive
Ability to set priorities and adapt to changes in a quick,
professional manner
Excellent oral and written communication skills with
internal and external stakeholders at every level
Organizational skills which enable tracking and meeting
multiple concurrent long and short term project milestones
Ability to interact with internal and external stakeholders
at every level
Ability to use discretion when handling confidential
information
Strong analytical, reasoning and problem solving skills

REQUIRED SKILLS:

Candidate must have the ability to solve complex problems
involving a wide variety of information systems.
Candidate must be able to understand and differentiate
between critical and non-critical systems and networks.