What are the responsibilities and job description for the IT Security Analyst position at Masterapp Labs?
Job Details
Job Title: IT Security Analyst
Location: Lansing, Michigan
Work preference: Onsite 2 days a week (Tuesdays and Wednesdays) and WFH the remaining 3 days
Interview: Virtual Interview via MS Teams video. Please use laptop and be prepared so share screen if asked, May be 2nd round in person.
Candidates MUST be local at time of submission. Hiring manager is not currently interested in candidates who will need to relocate to accept offer.
Duration: 1 year with possible extension
Job Description:
- Create SSPs via collaboration with MDOT Automation Managers, System Owners, System Security Administrators, and project team for new applications in alignment with the Secure Application Development Life Cycle and Michigan Security Accreditation Process.
- Maintain SSPs for existing applications requiring ATO and those facing software and/or hardware enhancements.
- Collaborate with business representatives to establish system registration.
- Identify security testing and system scanning requirements.
- Perform risk assessments and provide responses for security controls.
- Continuously monitor plans of action and milestones and corrective action plans as they relate to the SSPs in collaboration with the MDOT Enterprise Information Management office.
- Validate respective SSPs to ensure NIST control requirements are met.
- Author recommendations associated with findings on how to improve the customer's security posture in accordance with SOM Policies, Standards, and Procedures, and NIST (National Institute of Standards and Technology) controls.
- Assist team members and vendors with proper artifact collection to satisfy assessment requirements.
- Coordination of scanning activities/enterprise activities with MCS, tech leads, and business areas.
- Assist with performing system Data Classifications part of the SSP/ATO process.
Preferred/Desired Skills:
- CISSP, CISA, PMP and/or Security Certification.
- Experience with other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements (2 Years)
- Experience working with software vendors to implement security controls
Skill Matrix:
| Experience | Total Experience | Total Experience |
|---|---|---|
| Analyzing and applying information security principles and practices | 1 years | |
| Reviewing IT systems/applications with basic knowledge of networking components and various operating systems | 1 years | |
| Analyzing NIST Special Publications 800-37 Revision 1, 800-53 Revision 3, 4, or 5, and 800-53A Revision 1 | 1 years | |
| Strong written and verbal communication skills, including explaining technical matters to a non-technical audience | ||
| CISSP, CISA, PMP, and/or Security Certification (highly desired) |
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
