Security Analyst II

Must be IAM Level I Certified to be considered

• Support a risk management framework (RMF) program in compliance with industry regulations.
• Develop, implement, and monitor a comprehensive enterprise information security and IT risk management strategy.
• Perform infrastructure and application penetration testing, physical security assessments, and social engineering tests.
• Conduct risk analysis and security audit services, developing analytical reports as required.
• Simulate adversarial cyber activities to identify weaknesses, enumerate vulnerabilities, and assess the overall security posture of networks and information systems.
• Assist with selecting cost-effective security controls to mitigate identified risks.
• Ensure consistent application of policies and standards across all technology projects, products, systems, and services within the program.
• Maintain compliance with information systems and procedures standards.
• Perform IT security risk assessments and recommend actions to minimize threats.
• Monitor security vulnerabilities and potential hacking threats in network and host systems.
• Review investigations following breaches or incidents, including impact analysis and providing recommendations to avoid similar vulnerabilities.
• Conduct real-time analysis of immediate threats and manage incident triage.
• Maintain an up-to-date understanding of system vulnerabilities, threats, and risks to develop strategies and actionable plans for protection.
• Ensure compliance with changing laws and applicable regulations.
• Schedule and conduct periodic security audits.
• Communicate cybersecurity policies and procedures to relevant personnel and enforce compliance.
• Brief stakeholders on the status of security efforts, emerging threats, and risks.