Bixal Remote Full-time

Bixal will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. If you require any accommodation as part of our recruitment process, please contact us at Talent@bixal.com. You can expect a response from a team member within 24 hours during the regular work week and on the next operating day during the weekend or holidays.
Location:
This role can work remotely from anywhere in the USA, excluding its territories. You must be legally authorized to work in the USA. Bixal does not provide visa sponsorship.
What will you do?
As a Security Analyst, you will play a critical role in our team, serving as an individual contributor with the full support and guidance of our leadership. Your primary responsibility will be to conduct comprehensive security control assessments of information systems, focusing on the effectiveness of security and privacy controls as well as the vulnerability status of applications, databases, and other components within the system boundary.
Working with the NIST 800-53 security framework, you will assist in performing rigorous assessments of any new systems developed or deployed by our customers and in documenting the security posture of those systems so that they can go through an Authority to Operate (ATO). Additionally, you will conduct audits of security controls to ensure ongoing, continuous monitoring of assigned systems. This role will allow you to develop a deeper awareness and understanding of security and compliance within your designated program, while also interacting with key stakeholders to ensure alignment with security standards.

Responsibilities

  • Conducts security control tests of design and operational effectiveness
  • Manages remediation tasks to completion on tight deadlines
  • Leads analysis and remediation of findings discovered during scheduled internal and third-party vulnerability scans and penetration tests.
  • Participates in technical and non-technical projects requiring information security oversight to ensure policies, procedures, and standards are met.
  • Handles special projects and initiatives as assigned.
  • Provides relevant analysis, suggests mitigations, tracks remediation, manages scheduled scans, identifies gaps, expands scan coverage, and escalates as appropriate.
  • Recommend new security solutions as well as effective improvements to existing security controls that do not negatively impact business innovations.
  • Conducts cyber security risk assessments and serves as a liaison for the security team.
  • Assist in incident response (IR) with security operations center (SOC) and/or IT teams.
  • Creates security operation controls, playbooks, procedures, and guidelines.
  • Participates in planning sessions to ensure security and compliance requirements are met.
  • Stays current on best practices, current trends, and pertinent changes in internal/external threats and opportunities in a timely and anticipatory manner. Advises management on key findings.
  • Performs all other duties and special projects as assigned.

Qualifications

  • Bachelor’s degree in a related field, plus 10 years of work experience, or equivalent combination of education and experience
  • Professional security certifications (CySA+, Security+, CISSP, CCSP, CISM, CISA, AWS Certified Security Specialty) or willingness to obtain certification.
  • Working knowledge of AWS Security tools, their functionality and purpose.
  • Strong working knowledge of cloud security concepts and services such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS)
  • Strong familiarity with fundamental and operational concepts in information security, including network security, encryption, authentication, and incident response.
  • Experience with common security technologies and tools, such as firewalls, intrusion detection/prevention systems, SIEM platforms, and endpoint security solutions.
  • Demonstrated use of security frameworks and standards such as NIST SP 800-53, CIS Critical Security Controls, OWASP, MITRE ATT&CK, and ISO27001.
  • Strong experience assessing and providing recommendations on the following: Privacy Impact Assessment, Risk Assessment, System Security Plan, Disaster Recovery / Contingency Plan, and Incident Response Plan. 
  • Provide Plan of Action and Milestones (POA&M) support to ensure mitigations are completed or the teams are working to mitigate all vulnerabilities in a timely fashion and within customer policy timelines.
  • Experience with Government Agency Security Assessment Process in support of maintaining and/or establishing an ATO and the appropriate security boundary.
  • Strong knowledge of the Systems Development Life Cycle (SDLC) and its application in the development of technology solutions.
  • Must be able to obtain Public Trust clearance.

Nice to Have

  • Familiarity with Drupal.
  • Strong working knowledge of networking protocols, TCP/IP, and operating systems (Windows, Linux).
  • Familiarity with applying scripting languages to security operations procedures and investigations (examples in Python or PowerShell).