IT Security Analyst

07th February, 2025

IT Security Analyst 2 #1016401 Job Description: Top Skills & Years of Experience Required: 1+ Years experience in the IT industry analyzing and applying information security principles and practices 1+ Years experience reviewing IT systems/applications plus basic knowledge of networking components and various operating systems 1+ Years experience analyzing the applicable NIST Special Publications 800-37 Revision 1, 800-53 Revision 3,4 or 5, and 800-53A Revision 1. Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience CISSP, CISA, PMP and/or Security+ Certification is highly desired. Description:

The Security Analyst is responsible for completing and maintaining system security plans (SSP) for new and existing systems. The system security plans are documented in the Governance, Risk, Compliance tool. This requires close coordination with IT project teams, tech leads, business and enterprise security representatives, and product owners, to establish and maintain processes and security controls for systems, and to identify security vulnerabilities and coordinate remediation plans. Security Analysts are assigned resources for DTMB development projects. Security Analysts are typically not assigned resources and are available for consult, if needed, for Commercial off the Shelf (COTS) procurement phase projects. For COTS implementation phase projects, Security Analysts are typically listed resources to navigate SSP/Authority to Operate (ATO) activities with Michigan Cyber Security (MCS) to support security requirements to Go Live. Responsibilities:

Create SSPs via collaboration with MDOT Automation Managers, System Owners, System Security Administrators, and project team for new applications in alignment with the Secure Application Development Life Cycle and Michigan Security Accreditation Process. Maintain SSPs for existing applications requiring ATO and those facing software and/or hardware enhancements. Collaborate with business representatives to establish system registration. Identify security testing and system scanning requirements. Perform risk assessments and provide responses for security controls. Continuously monitor plans of action and milestones and corrective action plans as they relate to the SSPs in collaboration with the MDOT Enterprise Information Management office. Validate respective SSPs to ensure NIST control requirements are met. Author recommendations associated with findings on how to improve the customer's security posture in accordance with Policies, Standards, and Procedures, and NIST (National Institute of Standards and Technology) controls. Assist team members and vendors with proper artifact collection to satisfy assessment requirements. Coordination of scanning activities/enterprise activities with MCS, tech leads, and business areas. Assist with performing system Data Classifications part of the SSP/ATO process. Required Skills:

1+ Years experience in the IT industry analyzing and applying information security principles and practices 1+ Years experience reviewing IT systems/applications plus basic knowledge of networking components and various operating systems 1+ Years experience analyzing the applicable NIST Special Publications 800-37 Revision 1, 800-53 Revision 3,4 or 5, and 800-53A Revision 1. Experience working independently and in a team environment Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience Ability to collaborate on multiple projects/efforts at a given time Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change Preferred/Desired Skills:

CISSP, CISA, PMP and/or Security+ Certification. Experience with other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements (2+ Years) Experience working with software vendors to implement security controls Additional Info:

At FastTek Global,

Our Purpose

is

Our People

and

Our Planet . We come to work each day and are reminded we are

helping people find their success stories . Also,

Doing the right thing is our mantra . We act responsibly, give back to the communities we serve and have a little fun along the way. We have been doing this with pride, dedication and plain, old-fashioned hard work for

24 years ! FastTek Global is a financially strong, privately held company that is

100% consultant

and

client focused . We've differentiated ourselves by being

fast, flexible,

creative

and

honest . Throw out everything you've heard, seen, or felt about every other IT Consulting company. We do unique things and we do them for Fortune 10, Fortune 500, and technology start-up companies. Our benefits are second to none and thanks to our

flexible benefit

options you can choose the benefits you need or want, options include:

Medical and Dental (FastTek pays majority of the medical program) Vision Personal Time Off (PTO) Program Long Term Disability (100% paid) Life Insurance (100% paid) 401(k) with immediate vesting and 3% (of salary) dollar-for-dollar match

Plus, we have a lucrative employee referral program and an employee recognition culture. FastTek Global was named one of the

Top Work Places

in Michigan by the Detroit Free Press in

2013, 2014, 2015, 2016, 2017, 2018, 2019 ,

2020, 2021, 2022 and 2023! To view all of our open positions go to: https://www.fasttek.com/fastswitch/findwork Follow us on Twitter: https://twitter.com/fasttekglobal Follow us on Instagram: https://www.instagram.com/fasttekglobal Find us on LinkedIn: https://www.linkedin.com/company/fasttek You can become a fan of FastTek on Facebook: https://www.facebook.com/fasttekglobal/