Washington, District Of Columbia, United States
Description
At MetaPhase, we believe Quirky is Cool and being authentic is the only way to be! We take the work we do very seriously and do a lot of important mission-focused work for our clients. We are individuals with different passions and strengths who take as much joy in the work we do as from those we work with. Today, we have a team that is invested in creating new solutions that lean forward, challenge the status quo, but also reflect our intimate knowledge of our customers’ business. Over the years we have fostered a culture in which we are united by shared values—passion, solidarity, generosity, curiosity, and boldness—and these come alive in the work we do and how we do it. Together, we know our people are our difference—for our clients and our colleagues. Are you ready to:- Work alongside a dedicated and diverse set of people to offer honest advice and practical guidance to our clients?
- Learn and grow by taking advantage of every opportunity available to you?
- Join a company which prides itself on its shared values and inclusive culture?
- Be the difference and make it happen?
Role Summary
MetaPhase Consulting is seeking a skilled Security Analyst to join our team to support a federal customer’s cloud computing offerings. As a Security Analyst you will conduct security access assessments and analysis in support of our customers’ systems. Responsibilities include leading the compliance and authorization activities from beginning to end through all the Risk Management Framework (RMF) steps. This includes developing the required documentation to obtain system Authority to Operate (ATO) for cloud services including Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and Software as a Service (SaaS) solutions, as well as providing security risk and compliance of one or more information systems hosted within the cloud on PaaS solutions. The Security Analyst works within Scrum Agile DevOps teams to ensure that appropriate security controls are included in the design and implementation, data is appropriately protected, and separation of duties is maintained appropriately across all client systems.
What You Will Be Doing
- Assist in the design of systems, networks and applications to integrate security protections and features required of applicable security controls.
- Prepare all security documentation required in each step of the RMF process such as System Security Plan (SSP) and security control implementation for NIST SP 800-53 for the information system and ensure its entry into GRC systems (e.g., Archangel, Xacta, or similar).
- Represent the system owner through the assessment process to demonstrate security implementation and control compliance.
- Perform analysis of proposed changes, performing security impact and risk assessments to guide System Owners and Chief Information Security Officers in decision making.
- Perform monitoring of access control, network and system logs, anti-virus and related security threat detection systems.
- Review results of vulnerability assessments assisting customers to prioritize remediation based on risk, implement means to track and report progress.
- Manage and report on security incidents, conducting analysis and assisting operations personnel to contain and recover.
- Schedule and conduct incident response and contingency plan tests.
- Update System Security Plans and Contingency Plans to address changes in the environment, policy and standards.
- Manage the Plan of Actions and Milestones (POA&M) updating based on remediation performed, changes to planned corrective actions and adding new risks detected through monitoring.
- Conduct research on emerging products, services, protocols, and standards in support of security enhancement efforts.
- Support information security procedures to safeguard against leakage of confidential data and unauthorized access to network environments.
- Work as part of a matrixed team of security professionals, participating with implementation Scrum teams.
- Performance of other duties as assigned.
What We Need From You (Required)
- 3+ years of relevant work experience
- Experience implementing systems the NIST Risk Management Framework end-to-end through all steps (0-6) for Moderate and/or High Impact systems in the cloud, implementing NIST SP 800-53 rev4 and FedRAMP parameters.
- Experience working with cloud services, specifically one or more of Google Cloud Platform (GCP), ServiceNow, Microsoft Azure, Amazon Web Services (AWS), Unqork, or similar.
- Knowledge of business impact analysis methodologies
- Strong analytical and problem-solving skills
- Ability to adapt to potentially ever-changing situations and ability to work well under pressure
- Knowledge of policy, standards and procedure documentation, and policy maintenance
- Ability to present self in a confident and professional manner
- Ability to deal with all levels of individuals, internal and external
- Excellent communication skills, both written and verbal
- Excellent customer service skills
Bonus Points (Desired)
- Prior experience supporting Federal Government clients
- CISSP, CAP, CISM or CCSP certifications
Work Location
Hybrid – On site work location will be in the DC Metro Area
Travel
None
Education Level
Bachelor’s degree
Clearance Level
Active Secret (or above) Clearance Required; U.S. Citizenship required (NO EXCEPTIONS)
About MetaPhase Consulting
MetaPhase Consulting is different with a purpose - demonstrating a new approach to the industry that puts employees and culture first! We continue to be recognized by industry as one of the fastest growing and most impactful consultancies in the nation, and are aggressively hiring to grow our team:
Fastest Growing
- Inc 5000 Fastest Growing Company - 2020, 2021, 2022, 2023
- Washington Technology Fast 50 Award - 2020, 2021
- Financial Times America's Fastest Growing Companies – 2021, 2022, 2023
Best Places to Work
- Washington Post Top Workplaces – 2022, 2023
- Washington's Business Journal’s Best Places to Work – 2021, 2022
- Virginia Businesses Best Place to Work – 2021, 2022, 2023
- Northern Virginia Technology Council Top 100 Technology Firms – 2020
Company & Individual Awards
- 2021 Washington Business Journal Small Business – CEO of the Year
- 2021 FedScoop 50 – Industry Leadership Award Nominee
- 2021, 2023 Moxie Award Finalist
- 2022 SECAF Government Contractor Awards ($27.5 to $50 Million in Revenue)
- 2022 FedScoop Best Bosses Finalist – Brett McLaren
- 2022 Washington Business Journal 40 under 40 – Brett McLaren
- 2022 FedHealth IT and G2XChange Women in Leadership Awards – Beth Angerman
- 2022 George Mason University Prominent Patriots in Business – Fred Costa
- 2022 TiE DC Capital ELITE Award
- 2023 Elev8 Engage GovCon Finalist
- 2023 Maryland Tech Council ICON Awards Finalist for Government Contracting Company of the Year: Over $50 Million
- 2023 Greater Washington Government Contractor of the Year ($25 to $75 million) Awards Finalist
MetaPhase Consulting is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, or any other factors protected by federal, state, or local law.
#J-18808-Ljbffr