5 to 8 years of progressively responsible experience in information security, cyber risk management, or IT security operations, including at least 3 years of hands-on experience in system security analysis, vulnerability management, or incident response within a Federal Information Systems Security or equivalent enterprise environment
Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field; Security+ CE certification; higher-level certifications (e.g., CISSP, CISM, CEH, CAP) preferred and may substitute for additional years of experience
Strong knowledge of FISMA, NIST Special Publications, OMB, RMF, and ISCM Plan development; familiarity with IRS infrastructure, enterprise lifecycle (OneSDLC), VPN/encryption technologies, and cloud/FedRAMP concepts
Requirements:
Perform system security analysis, vulnerability management, and incident response within a Federal Information Systems Security or equivalent enterprise environment
Support RMF, FISMA, NIST SPs, OMB, and ISCM Plan development; assist in security control assessment and continuous monitoring for IRS systems
Conduct technology risk assessments covering web services, network appliances, and software; contribute to security engineering, analysis, and system modeling
Collaborate with IRS business units and IT processes; utilize Qmulos Q-Compliance, SharePoint, Scanning tools, ServiceNow GRC, and SPLUNK to monitor security posture and drive remediation
Job description
cFocus Software seeks a Journeyman Information Security Analyst to join our program supporting the Internal Revenue Service (IRS). This position is remote. This position requires a Public Trust clearance.
Qualifications:
Active Public Trust clearance
5 to 8 years of progressively responsible experience in information security, cyber risk management, or IT security operations.
Must include at least 3 years of hands-on experience in system security analysis, vulnerability management, or incident response within a Federal Information Systems Security or equivalent enterprise environment.
Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field.
Security+ CE certification required.
Higher-level certifications (e.g., CISSP, CISM, CEH, CAP) preferred and may substitute for additional years of experience.
Knowledge of FISMA, NIST Special Publications, OMB, Risk Management Framework (RMF), and ISCM Plan development.
IT security knowledge with desired Professional Certifications from the International Information System Security Certification Consortium (ISC)2, the International Society for Automation (ISA), the Project Management Institute (PMI), CompTIA, or the SANS Institute
Knowledge of the IRS infrastructure, technologies and general support systems is highly desirable
Knowledge and experience with technology risk assessments covering web services, network appliances and software
Knowledge and experience with the IRS Enterprise Lifecycle and OneSDLC
Knowledge of System Interconnections to include virtual private network (VPN) and other encryption technologies
Knowledge and experience with cloud systems, CSPs, and FedRAMP requirements
Knowledge of IRS Business Units and IT enterprise processes organizational processes within the
Knowledge/experience with Qmulos Q-Compliance, SharePoint, Scanning tools, ServiceNow GRC, SPLUNK
Knowledge and experience with technology security engineering, analysis, and assessment
Knowledge and experience with security architecture principles and system modeling