Information Security Analyst

Summary

Join a dynamic team at DRT Strategies as an Information Security Analyst to safeguard CDC's information systems and data. The successful candidate will work alongside cybersecurity experts, IT professionals, and public health experts to ensure robust information security practices and compliance with federal standards.

Requirements

• At least 8 years of experience in information security, cybersecurity, or IT systems administration
• Experience working with NIST 800-53, FISMA, HIPAA, FEDRAMP, and other applicable standards
• Knowledge of security tools and technologies such as firewalls, IDS/IPS, endpoint protection, and vulnerability scanning software
• Familiarity with cloud security, mobile device management, and encryption protocols is a plus
• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field

Responsibilities

• Implement and manage security monitoring tools, including intrusion detection systems (IDS) and security information and event management (SIEM) systems, to detect and respond to potential security threats
• Perform routine vulnerability assessments and risk assessments across systems, networks, and applications. Collaborate with IT teams to address findings and mitigate identified vulnerabilities
• Participate in incident response efforts, including investigating security breaches, coordinating with relevant stakeholders, and documenting actions taken
• Assist in the development and implementation of information security policies, procedures, and security controls. Ensure compliance with federal regulations and industry best practices, including NIST SP 800-53, FISMA, and HIPAA (where applicable)
• Support initiatives to protect sensitive information and ensure the proper encryption, backup, and access control mechanisms are in place
• Provide training and awareness programs to employees on information security best practices, threat identification, and reporting
• Assist in conducting internal audits and risk assessments, ensuring compliance with applicable security regulations, guidelines, and CDC standards
• Work with cross-functional teams within CDC to ensure consistent security practices across all projects and operations
• Maintain accurate and detailed security documentation, including security plans, incident reports, risk assessments, and audit logs

Preferred Qualifications

• Strong understanding of network security principles, incident response, and vulnerability management
• Ability to perform detailed technical analysis of security incidents and create effective mitigation plans
• Experience with security tools such as Splunk, Nessus, Qualys, or similar SIEM and vulnerability management platforms
• Certifications such as CISSP, CISM, CEH, or CompTIA Security+ are preferred