IT Security and Compliance Analyst

Company Description

Ashburn Consulting, a Small Business based in the Washington, DC metropolitan area, specializes in providing network and network security solutions in complex environments to a select set of government and business clients. The company, an established leader in its field, is composed of an elite team of engineers and business consultants, each of whom is recognized —and highly regarded—within the network and security communities.

Job Description

We are seeking a highly motivated Security Compliance Analyst to oversee the development, implementation, and maintenance of security policies and procedures to ensure compliance with industry standards and regulations. This role will involve conducting regular security assessments, responding to security incidents, monitoring security technologies, and ensuring the organization remains in compliance with frameworks such as NIST 800-53. The ideal candidate will have strong expertise in cybersecurity principles, vulnerability management, and security technologies. 

Key Responsibilities: 

• Incident Reporting: Immediately report any security incidents to the Information Systems Security Officer (ISSO) and IT Service Group (ITSG) leadership. Ensure timely and accurate documentation of all incidents for future analysis and reporting. 

• Policy and Procedure Development: Develop, implement, and maintain the organization's information security policies, procedures, and standards to ensure robust protection of sensitive data and compliance with relevant regulations. 

• Security Assessments: Conduct regular security assessments, vulnerability scans, and risk assessments to identify and mitigate potential security risks across systems, applications, and networks. 

• Monitoring Security Technologies: Monitor and manage security technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus solutions, and encryption mechanisms to detect and respond to threats in real-time. 

• Security Control Audits: Perform regular audits of security controls for access management, identity and authentication systems, and data protection mechanisms to ensure compliance with security policies and standards. 

• Incident Response: Respond to and investigate security incidents, coordinating with incident response teams when necessary. Conduct root cause analysis to understand the source of incidents and implement corrective actions. 

• Compliance and Regulatory Adherence: Ensure compliance with all relevant regulations, standards, and frameworks (e.g., NIST 800-53, FISMA, HIPAA, etc.). Work with other teams to achieve and maintain security certifications and assessments. 

• Security Awareness Training: Provide security awareness training to end-users, including conducting periodic drills to ensure readiness in the event of a security breach or threat. 

• Emerging Threats and Technologies: Stay updated on emerging cybersecurity threats, vulnerabilities, technologies, and best practices. Recommend and implement new security measures and tools as necessary. 

• Documentation: Document all security configurations, incident responses, risk assessments, and compliance status reports for internal and external auditing purposes. Ensure records are up-to-date and easily accessible. 

• Vulnerability Scanning and Reporting: Regularly scan for vulnerabilities and exploits within the organization’s systems, reporting findings to NOAA Cybersecurity and coordinating the response to identified issues. 

Qualifications

Required Skills & Qualifications: 

• Relevant Certifications: Industry-recognized certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CompTIA Security+, or equivalent certifications are required. 

• Cybersecurity Knowledge: In-depth knowledge of cybersecurity principles, practices, and technologies. Familiarity with various cybersecurity tools and solutions (e.g., firewalls, IDS/IPS, encryption). 

• Security Technologies Expertise: Experience with security technologies, including firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), antivirus software, and encryption protocols. 

• Access Control and Data Protection: Strong understanding of access control technologies, identity management systems, and data protection methods to ensure security of sensitive information. 

• Security Risk Management: Proven ability to perform security assessments, vulnerability scans, and risk assessments to identify security weaknesses and implement remediation actions. 

• Compliance and Regulatory Adherence: Ensure compliance with all relevant regulations, standards, and frameworks (e.g., NIST 800-53, FISMA, HIPAA, etc.). Work with IT operations teams and system administrators to review, implement, and revise processes, procedures, and system configurations to achieve and maintain system security and compliance. 

• Security Technologies Expertise: Experience with the implementation, purpose and user of security technologies, including firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), antivirus software, and encryption protocols in an enterprise IT environment. 

• Experience with Virtual Environments: Hands-on experience managing and securing virtualized IT systems and ensuring their compliance with secure configuration standards such as STIGs. 

Preferred Qualifications: 

• Advanced Certifications: Additional certifications such as Certified Ethical Hacker (CEH), CompTIA Cybersecurity Analyst (CySA+), or other advanced certifications are a plus. 

• Experience with Security Tools: Familiarity with security information and event management (SIEM) tools and security orchestration and automation platforms. 

• Cloud Security Knowledge: Experience securing cloud environments (AWS, Azure, etc.) and understanding cloud-specific risks and controls. 

• Experience with Virtual Environments: Hands-on experience configuring and securing virtual machines (VMs) and ensuring their compliance with security standards such as STIGs. 

1. In-depth knowledge of cybersecurity principles, practices, and technologies.

1. Strong knowledge of IT compliance frameworks such as NIST 800-53, FISMA, etc. 

1. Experience conducting or supporting security assessments 

Additional Information

Equal Opportunity Employer/Veterans/Disabled. An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status

Ashburn Consulting is an Equal Opportunity Affirmative Action Employer.
In compliance with the American with Disabilities Act Amendments Act (ADAAA), if you have a disability and would like to request and accommodation in order to apply for a position with Ashburn Consulting, please e-mail hr@ashburnconsulting.com.”