Bixal is hiring a
Information Security Analyst

Summary

Join Bixal as a Security Analyst and play a critical role in conducting comprehensive security control assessments of information systems, working with the NIST 800-53 security framework, and assisting in performing rigorous assessments on new systems developed or deployed by our customers.

Requirements

• Bachelor’s degree in a related field, plus 10 years of work experience, or equivalent combination of education and experience
• Professional security certifications (CySA+, Security+, CISSP, CCSP, CISM, CISA, AWS Certified Security Specialty) or willingness to obtain certification
• Working knowledge of AWS Security tools, their functionality and purpose
• Strong working knowledge of cloud security concepts and services such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS)
• Strong familiarity of fundamental and operational concepts in information security, including network security, encryption, authentication, and incident response
• Experience with common security technologies and tools, such as firewalls, intrusion detection/prevention systems, SIEM platforms, and endpoint security solutions
• Demonstrated use of security frameworks and standards such as NIST SP 800-53, CIS Critical Security Controls, OWASP, MITRE ATT&CK, and ISO27001
• Strong experience assessing and providing recommendations on the following: Privacy Impact Assessment, Risk Assessment, System Security Plan, Disaster Recovery / Contingency Plan, and Incident Response Plan
• Provide Plan of Action and Milestones (POA&M) support to ensure mitigations are completed or the teams are working to mitigate all vulnerabilities in a timely fashion and within customer policy timelines
• Experience with Government Agency Security Assessment Process in support of maintaining and/or establishing an ATO and the appropriate security boundary
• Strong knowledge of the Systems Development Life Cycle (SDLC) and its application in the development of technology solutions
• Must be able to obtain Public Trust clearance

Responsibilities

• Conducts security control tests of design and operational effectiveness
• Manages remediation tasks to completion on tight deadlines
• Leads analysis and remediation of findings discovered during scheduled internal and third-party vulnerability scans and penetration tests
• Participate in technical and non-technical projects requiring information security oversight and to ensure policies, procedures and standards are met
• Handles special projects and initiatives as assigned
• Provide relevant analysis, suggest mitigations, track remediation, manage scheduled scans, identify gaps, and expand scan coverage and escalate as appropriate
• Recommend new security solutions as well as effective improvements to existing security controls that do not negatively impact business innovations
• Conduct cyber security risk assessments and serves as a liaison for the security team
• Assist in incident response (IR) with security operations center (SOC) and/or IT teams
• Creates security operation controls, playbooks, procedures, and guidelines
• Participates in planning sessions to ensure security and compliance requirements are met
• Stays current on best practices, current trends, and pertinent changes in internal/external threats and opportunities in a timely and anticipatory manner. Advises management on key findings
• Performs all other duties and special projects as assigned

Benefits

• Competitive base salary
• Flex hours
• Work from home flexibility
• 401K with matching incentive
• Parental Leave
• Medical/dental/vision benefits
• Flex Spending Account
• Company provided short-term disability
• Company provided life insurance
• Commuter benefits
• Generous PTO
• 11 Paid holidays
• Professional development opportunities
• New business referral bonus