Security Analyst

at  Peraton

ABOUT PERATON

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

DESCRIPTION

Peraton is seeking a Security Analyst to join our team of qualified, diverse individuals. This position is located in Herndon, VA with some remote work possible. The qualified applicant will become part of Peraton’s Department of State (DOS) Consular Systems Modernization (CSM) Program, for the Bureau of Consular Affairs (CA). This initiative will modernize and consolidate the operational environment under a common technology framework in order to better support the services provided to CA’s customers.

BASIC QUALIFICATIONS:

• Bachelor’s degree in a related field and at least 5 years’ experience.
• Experience supporting the Accreditation and Certification process and obtaining an Approval To Operate (ATO) in accordance with the U.S Federal Information Systems Risk Management Framework (RMF).
• Experience in the NIST Framework and ISO Standards.
• Experience in tracking and resolving Vulnerability Alerts and Plan of Action and Milestones (POAMs).
• Experienc e with writing security controls implementation statements for systems in development to deliver for evaluation and testing to the RMF4 team in support of ATO per NIST 800-53 rev4 control set.
• Experience developing artifacts for the System Security Plan (SSP).
• Experience working with in Agile/Scrum.
• Experience working on multiple concurrent activities such as simultaneous ATOs.
• Excellent communication skills, both verbally and in writing to effectively interact with multiple teams both internal and external and client interaction.
• Must have a current, Secret (or higher) clearance. Interim clearances are acceptable.

PREFERRED QUALIFICATIONS:

• Experience with security controls and ATO process for cloud-based environments including deploying solutions on public/hybrid clouds.
• Familiarity with DevSecOps, SDLC, CI/CD pipelines, and related Agile processes.
• Familiarity with any of the following: Jenkins, Docker, or other CD integration tools, and Fortify, CaST, or other SAST\DAST testing tools. Target Salary Range
  $86,000 - $138,000. This represents the typical salary range for this position based on experience and other factors.

ROLES AND RESPONSIBILITIES:

• Ensure compliance with all systems security requirements and updates, providing guidance and instruction as necessary to personnel and development teams.
• Ensure Configuration Management (CM) for security-relevant software, hardware, and firmware is documented and maintained.
• Support ATO/certification and accreditation activities ensuring that system security requirements are met.
• Support and track resolving Vulnerability Alerts and Plan of Action and Milestones (POAMs)
• Track status of all system ATOs and recertification efforts.
• Work with architecture and development teams to document security control implementation in accordance and compliance with NIST 800-53 rev 4 control requirements.
• Work with team to initiate protective and corrective measures when a security incident or vulnerability is discovered.
• Maintain relationships with customer security counterparts.