Security Analyst

Job Description The Security Analyst is responsible for completing and maintaining system security plans (SSP) for new and existing systems. The system security plans are documented in the Governance, Risk, Compliance tool. This requires close coordination with IT project teams, tech leads, business and enterprise security representatives, and product owners, to establish and maintain processes and security controls for systems, and to identify security vulnerabilities and coordinate remediation plans. Security Analysts are assigned resources for DTMB development projects. Security Analysts are typically not assigned resources and are available for consult, if

needed, for Commercial off the Shelf (COTS) procurement phase projects. For COTS implementation phase projects, Security Analysts are typically listed resources to navigate SSP/Authority to Operate (ATO) activities with Michigan Cyber Security (MCS) to support security requirements to Go Live.

Job Duties Create SSPs via collaboration with MDOT Automation Managers, System Owners, System Security Administrators, and project team for new applications in alignment with the Secure Application Development Life Cycle and Michigan Security Accreditation Process. Maintain SSPs for existing applications requiring ATO and those facing software and/or hardware enhancements. Collaborate with business representatives to establish system registration. Identify security testing and system scanning requirements. Perform risk assessments and provide responses for security controls. Continuously monitor plans of action and milestones and corrective action plans as they relate to the SSPs in collaboration with the MDOT Enterprise Information Management office. Validate respective SSPs to ensure NIST control requirements are met. Author recommendations associated with findings on how to improve the customer's security posture in accordance with SOM Policies, Standards, and Procedures, and NIST (National Institute of Standards and Technology) controls. Assist team members and vendors with proper artifact collection to satisfy assessment requirements. Coordination of scanning activities/enterprise activities with MCS, tech leads, and business areas. Assist with performing system Data Classifications part of the SSP/ATO process. Requirements

1+ years:

Experience in the IT industry analyzing and applying information security principles and practices Experience reviewing IT systems/applications plus basic knowledge of networking components and various operating systems Experience analyzing the applicable NIST Special Publications 800-37 Revision 1, 800-53 Revision 3,4 or 5, and 800-53A Revision 1. Experience working independently and in a team environment

Strong written and verbal communication skills including the ability to explain technical matters to a

non-technical audience

Ability to collaborate on multiple projects/efforts at a given time

Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change

Desired Skills

2+ years:

Experience with other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements CISSP, CISA, PMP and/or Security+ Certification.

Experience working with software vendors to implement security controls

Minimum Education

None Location

Candidates MUST be local

at time of submission Position is a hybrid schedule NO REMOTE ONLY OPTION. Position will be hybrid work schedule onsite 2 days a week (Tuesdays and Wednesdays) and WFH the remaining 3 days. Working hours Monday-Friday, approximately 8:00 a.m. to 5:00 p.m. Additional Requirements

Must be authorized to work in the United States;

We are unable to offer sponsorships at this time Must undergo a background check and drug screening for employment. Employment Terms

This is a W2 position 40 hrs per week NO REMOTE ONLY OPTION. Position will be hybrid work schedule onsite 2 days a week (Tuesdays and Wednesdays) and WFH the remaining 3 days.

About Zenfreed

At Zenfreed, we are more than an IT company. We bridge the gap between people wanting to do the work they were meant to do and organizations needing the right talent.

We are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.

Benefits

We understand a comprehensive benefits package is crucial to employment satisfaction. We offer medical, dental and vision coverage options for all employees.