COMPLETE Cyber Security Analyst

Introduction
As a Test Specialist at IBM, your analytical and technical skills will directly impact the quality of the software we create. Come work in an agile environment where you will help each iteration reach the next level. Whether the testing is manual, automated, or cognitive, you hold a key role in releasing the best deliverables to IBM’ers and our clients.

Your Role and Responsibilities

Octo, an IBM company, is an industry-leading, award-winning provider of technical solutions for the federal government. At Octo, we specialize in providing agile software engineering, user experience design, cloud services, and digital strategy services that address government's most pressing missions. Octo delivers intelligent solutions and rapid results, yielding lower costs and measurable outcomes.

Our team is what makes Octo great. At Octo you'll work beside some of the smartest and most accomplished staff you'll find in your career. Octo offers fantastic benefits and an amazing workplace culture where you will feel valued while you perform mission critical work for our government. Voted one of the region’s best places to work multiple times, Octo is an employer of choice!

You…

As a Cyber Security Analyst with Octo, you will join an Agile program in support of the development of a High Value Asset, mission-critical application at the Transportation Security Administration. The ideal candidate will have an understanding in all aspects of IT Cyber Security. They will have experience in Identifying, addressing, and analyzing the potential for technical failures, malicious attacks, single points of failure that impact the confidentiality, integrity, and availability of a system. You are also able to collect and report on security risks and vulnerabilities across various platforms. You are comfortable working side by side with engineers, analysts, and customers to make decisions together and troubleshoot issues. You are agile, fearless, enthusiastic, empathic, and relentless in the pursuit of continuous improvement.

Us…

We were founded as a fresh alternative in the Government Consulting Community and are dedicated to the belief that results are a product of analytical thinking, agile design principles and that solutions are built in collaboration with, not for, our customers. This mantra drives us to succeed and act as true partners in advancing our client’s missions.

Program Mission…

You will be working on a high-profile program supporting mission-critical applications for the Transportation Security Administration (TSA). Your team will be responsible for detecting, reporting, correcting and preventing cyber security risks and vulnerabilities on the program and will have a direct say in coordination with the Information System Security Officer (ISSO) with how cyber security is implemented.

Skills & Other Requirements

Responsibilities...

• Identification and evaluation of vulnerabilities, threats, and faulty policies/procedures that affect the security architecture. Capability of evaluating how the information system security architecture and developer security architecture plans/planning ensure integration with and meet enterprise security architecture.
• Application of technical skills to identify the consequences of outdated policies, failure of internal controls, and patterns of exploit through the review and tracking of STIGs.
• Interpretation of vulnerability scans to identify risk of remediation on the system and interconnected systems through the enterprise, to include the analysis of the system’s behavior and outputs against the signatures of known vulnerabilities.
• Ability to understand scan vulnerabilities from various sources (e.g. Tenable Nessus, Fortify, Web Inspect, etc.) and identify downstream risks, threats, and deviations from OMB, NIST, and TSA policies and standards.
• Ability to conduct qualitative analysis of security controls, POAMs, security artifacts, scans results, hardware and software asset baselines, and all characteristic data of the information system (e.g. classification / selected data types, environment, MTD/RPO/RTO, IAM, encryption, architecture, etc).
• Communicate and track security related assignments, vulnerabilities, POAM’s and ISVMs

Years of Experience: 5+ years of relevant experience preferred

Education: Bachelor’s degree preferred

Location: Remote within the United States

Clearance: U.S. Citizenship is required | Ability to obtain and maintain a Public Trust is required | Active TSA clearance strongly preferred

Required Technical and Professional Expertise

• Requires strong analytical and organizational skills to include strong attention to detail.
• Strong interpersonal skills and ability to work collaboratively in a dynamic team environment.
• Comfortable analyzing security vulnerabilities detected from static and dynamic scanning tools
• Experience with product management tools and practices, can interface directly with product teams to assign work/influence backlog for security needs

Preferred Technical and Professional Expertise

• Understanding of cloud and platform technologies (AWS, Kubernetes)
• Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP) Certified Authorization Professional (CAP)
• Working knowledge of management/tracking utilities such as JIRA/Confluence, a plus
• Experience working in a SAFe Agile environment and knowledge of Agile philosophies