• Product Security Analyst responsible for applying an interdisciplinary, collaborative approach to plan, design, develop, validate and verify lifecycle balanced information system security solutions
• Implement cybersecurity features on program systems and implement RMF processes for embedded computing systems
• Evaluates customer/operational needs to define and coordinate system security requirements, integrate technical parameters and assure compatibility of all physical, functional and program interfaces
• Performs various analyses to optimize total system of systems and/or system architecture. Identifies assets and assesses risks, threats, and vulnerabilities of the product assets in accordance with accepted industry, professional, and government standards to ensure security design integrity, availability, confidentiality, non-repudiation and contract compliance
• Evaluates remediation recommendations and develops a cost to mitigate estimate
• Employs system security processes, methods, and tools and assures their consistent application. Resolves cross-functional technical issues
• Implements appropriate Accreditation and Authorization (A&A) activities per ICD 503 RMF, NISPOM, or DoD Overprint to the NISPOM as required by customers
• Coordinates with system administrators, network and software engineers, test and validation engineers and program management on security related activities and requirements
• Travel (20%) will be required for meetings with customers, internal meetings, etc Works under minimal direction.
• Work on Security GRC and GRC Lead in developing, reviewing, and maintaining an enterprise-wide governance, risk management, and compliance program, aligning it with the agency's goals and objectives
• Ensure policies, procedures, and controls comply with legal and regulatory requirements, industry standards, and best practices
• Conduct and document risk assessments of information systems, vendors, and business processes to identify vulnerabilities, assess the impact of risks, and recommend mitigation strategies
• Track and report on identified risks and mitigation strategies.
• Support the organization's risk register and help business units develop remediation plans
• Monitor compliance with internal policies and state regulatory requirements.
• Support internal and external audit activities, including evidence collection and gap remediation.
• Assist with regulatory reporting and compliance attestations.

Bachelor’s degree or comparable work experience

Identify, report, and escalate risks to manager and stakeholders appropriately

Communicate and present analysis to senior leadership and diverse stakeholders across the organization

Professionally communicate to technical and non-technical staff: written, oral, and formal presentations