Index Analytics, LLC, is a rapidly growing, Baltimore-based small business providing health-related consulting services to the federal government. At the center of our company culture is a commitment to fostering a dynamic and employee-friendly place to work. We place a priority on promoting a supportive and collegial team environment and enhancing staff experience through career development and educational opportunities.
The Technical Security Analyst performs cybersecurity-related tasks designed to safeguard the security of systems and information assets by protecting against unauthorized access, modification, or destruction.
The Technical Security Analyst demonstrates expertise in various systems administration concepts, practices, and procedures. They rely on extensive experience and judgment to plan and accomplish goals. They perform a variety of complex tasks, and a wide degree of creativity and latitude is expected. They may provide consultation on complex projects and be a top-level contributor/specialist in the department. They must be an expert at problem-solving, identifying risk, and communicating results and recommendations to department management.
The Technical Security Analyst will:
Perform technical support focused on developing, operating, managing, and enforcing security capabilities for systems and networks.
Analyze information security systems and applications, then recommend and develop effective security measures.
Identify, report, and resolve security violations.
Evaluate information technology (IT) infrastructure in terms of risk to the organization and establish controls to mitigate loss.
Determine and recommend improvements in current risk management controls and system changes or upgrades.
Implement network security procedures to ensure network security and protect against unauthorized access, modification, or destruction.
Responsibilities
Use automated tools to perform static source code and dynamic security testing to identify vulnerabilities and attack vectors in web applications.
Provide support for proposing, coordinating, implementing, and enforcing information security policies, standards, and methodologies.
Perform vulnerability/risk assessment analyses to support certification and accreditation.
Provide configuration management (CM) for information system security software, hardware, and firmware.
Recommend changes to systems and assess the security impact of those changes.
Prepare and review documentation to include Systems Security Plans (SSPs), Risk Assessment Reports, access or incident logs, and other documentation.
Support, implement, maintain, and monitor security and privacy controls in compliance with Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), Federal Risk and Authorization Management Program (FedRAMP), and National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) requirements and guidance; knowledge of Cybersecurity Maturity Model Certification (CMMC) requirements is a plus.
Plan, document, implement, assess, maintain, and monitor security and privacy controls per requirements, policies, standards, processes, and procedures.
Support audits, assessments, penetration test-related documentation requests, and vulnerability remediation efforts.
Document and maintain a Plan of Action and Milestones (POA&M) for weaknesses identified in security tests and audits.
Perform periodic internal audits, vulnerability assessments, and security testing.
Maintain current knowledge of relevant security and privacy trends and technology.
Qualifications
US citizen or Authorized to Work and lived in the US for 3 of the last 5 years. Must be able to obtain a U.S. Federal government client badge and pass a government Public Trust.
Bachelor's degree with at least 4 years of experience or an associate's degree with at least 6 years of experience; no degree with at least 8 years of experience will be considered.
Knowledge of Microsoft Security and Compliance is a must.
Experience working with Microsoft Defender is required.
Certified Information Systems Security Professional (CISSP) certification is preferred.
Certified in Risk and Information Systems Control (CRISC), Computing Technology Industry Association (CompTIA) Advanced Security Practitioner (CASP+), and/or Certified Information Security Manager (CISM) certification holders will also be considered.
Hands-on experience with implementing, documenting, maintaining, and monitoring NIST, HIPAA, and FedRAMP control requirements.
Knowledge of FISMA compliance, FedRAMP and NIST security guidance and publications, HIPAA, and related privacy and compliance regulations.
Experience in enforcing policies, procedures, and guidelines in a complex environment.
A good understanding of and ability to communicate security and risk implications to technical and non-technical audiences.
Knowledge and experience with security best practices and relevant legislation.
Excellent interpersonal, verbal, and written communication and organizational skills; must be able to communicate fluently in English both verbally and in writing.
Meet deadlines with success.
Strong analytical, organizational, and project management skills.
Ability to thrive in a fast-paced, rapidly evolving environment with varying priorities.
Working knowledge of development, security, and operations (DevSecOps) principles (such as continuous integration and continuous delivery (CI/CD), test automation, etc.), process automation, and tools.
Experience evaluating DevSecOps tools such as Amazon Web Services (AWS) CI/CD, NewRelic, Splunk, Git, CloudBees Jenkins, Docker/OpenShift, SonarQube/Fortify/Nessus, and LaunchDarkly for security risk and compliance.
Experience using vulnerability scanners such as Nessus, OpenVAS, or Nexpose.
Experience running static analysis/static application security testing tools such as SonarQube, Fortify, or Veracode.
Experience running dynamic application security testing tools such as WebInspect, AppScan, Qualys, Burp Suite Pro, or OWASP ZAP.
Proficiency in Microsoft Office (Word, Excel, PowerPoint), Project, and Visio.
Experience securing cloud-based environments such as Microsoft 365 (Entra, Intune, Defender), AWS and Azure Cloud.
Government experience is a plus.
Attention Candidates
We're dedicated to ensuring a safe and transparent recruitment process for all candidates and have implemented robust measures to protect your personal information. Please be aware that all employment-related communications will originate from a secure portal (NAME@msg.paycomonline.com) or a corporate email address (NAME@index-analytics.com). If you have any concerns, please don't hesitate to reach out to us at recruiting@index-analytics.com.
If you are selected for an interview, please be advised that Index Analytics LLC reserves the right to prohibit the use of artificial intelligence (AI) tools, including but not limited to AI-generated responses, real-time transcription, or automated assistance during the interview process. We value authentic interactions and the opportunity to engage directly with candidates. Any unauthorized use of AI may result in disqualification from consideration.
The salary range provided represents the estimated compensation for new hires in this position, applicable across all locations. Actual offers may vary based on factors such as the candidate's skills, qualifications, experience, and market conditions. Index complements its base salary offering with a competitive package that includes health and retirement benefits, discretionary bonuses, and reimbursement for professional development opportunities.
Index Analytics provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.