Information Security Analyst

Overview
DRT Strategies delivers expert management consulting and information technology (IT) solutions to large federal agencies, the U.S. Navy, state and local government and commercial clients in health care, technology, and financial services industries.
The three letters of our name, DRT, stand for Driving Resolution Together, which is the core philosophy on which the company was founded. That is, we collaborate with our clients to solve their most pressing challenges - together.
We are problem solvers dedicated to your success, combining Fortune 500 experience with small business responsiveness. We have established a reputation with our clients as a forward-thinking consulting firm with demonstrated success in implementing solutions that lead to meaningful results. Our world-class consultants unite people to work collaboratively to achieve project goals and make vision a reality.
Project Description:
DRT provides public health, technology, data, communications, and visualization support to enhance the government’s ability to use public health data to address diverse, complex, and emerging problems. This includes designing and developing application and database solutions. In addition, this team develops innovative data capture and analysis techniques to enhance safety research and recommendation efforts across the country.
Job Summary:
The Information Security Analyst will be responsible for safeguarding the confidentiality, integrity, and availability of CDC's information systems and data, and will work alongside cybersecurity experts, IT professionals, and public health experts to ensure robust information security practices and compliance with federal standards.
Responsibilities:

• Implement and manage security monitoring tools, including intrusion detection systems (IDS) and security information and event management (SIEM) systems, to detect and respond to potential security threats.
• Perform routine vulnerability assessments and risk assessments across systems, networks, and applications. Collaborate with IT teams to address findings and mitigate identified vulnerabilities.
• Participate in incident response efforts, including investigating security breaches, coordinating with relevant stakeholders, and documenting actions taken.
• Assist in the development and implementation of information security policies, procedures, and security controls. Ensure compliance with federal regulations and industry best practices, including NIST SP 800-53, FISMA, and HIPAA (where applicable).
• Support initiatives to protect sensitive information and ensure the proper encryption, backup, and access control mechanisms are in place.
• Provide training and awareness programs to employees on information security best practices, threat identification, and reporting.
• Assist in conducting internal audits and risk assessments, ensuring compliance with applicable security regulations, guidelines, and CDC standards.
• Work with cross-functional teams within CDC to ensure consistent security practices across all projects and operations.
• Maintain accurate and detailed security documentation, including security plans, incident reports, risk assessments, and audit logs.

Required Experience:

• At least 8 years of experience in information security, cybersecurity, or IT systems administration.
• Experience working with NIST 800-53, FISMA, HIPAA, FEDRAMP, and other applicable standards.
• Knowledge of security tools and technologies such as firewalls, IDS/IPS, endpoint protection, and vulnerability scanning software.
• Familiarity with cloud security, mobile device management, and encryption protocols is a plus.

Preferred Experience:

• Strong understanding of network security principles, incident response, and vulnerability management.
• Ability to perform detailed technical analysis of security incidents and create effective mitigation plans.
• Experience with security tools such as Splunk, Nessus, Qualys, or similar SIEM and vulnerability management platforms.

Salary Range:

• $73,000-$97,200
• Salary commensurate with experience

Education & Training:

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
• Certifications such as CISSP, CISM, CEH, or CompTIA Security+ are preferred.