Information Security Analyst | RMF
Who is Epsilon:
Epsilon is an IT Services company that was founded in 2009 and has become an established leader in providing Information Technology services to both Federal Government and Commercial businesses across the United States. Epsilon is known for its solution-focused and innovative approach, aligning technology systems, tools, and processes with the missions and objectives of its customers.
Epsilon’s headquarters are in Weaverville, NC with other corporate offices in Greenville, SC, Crystal City, VA, and Denver, CO. We have employees in 30+ States across the U.S.
Why work for Epsilon:
In joining Epsilon’s team, you will have the opportunity to contribute to Epsilon’s business and customer initiatives, as well as influence our brand culture through people interaction and technology advancements.
Epsilon invests in our employees by promoting from within and enabling employees to elevate their knowledge and skill set in their profession by allocating $3,000 annually in Professional Development funds. We also offer competitive pay, comprehensive benefits through one of the largest national carriers, Paid Time Off (PTO) that increases with tenure and has a generous rollover, 11 company-paid holidays, and a 401(k) with immediate contribution.
Where you’ll work:
This fully remote opportunity allows you the flexibility to work from home in support of Epsilon’s USDA DISC Customer.
Our Customer’s Mission:
The USDA Digital Infrastructure Services Center (DISC) operates 24/7/365 to provide comprehensive on-premises and cloud-based hosting services, including Disaster Recovery, security, and professional support services and operations, to approximately 35 federal organizations. The USDA and other Federal partners depend upon DISC’s highly complex and interconnected technology infrastructure to conduct their operations. To better support this mission, DISC is modernizing its technology by transitioning to a continuous integration, deployment, and code-based organization.
An average day:
As an Information Security Analyst | RMF, you will be responsible for ensuring compliance with NIST and FISMA guidance, discovering and mitigating cybersecurity risks, and understanding and applying policies to address requests for information on cyber best practices. You will conduct risk assessments, support Authority to Operate (ATO) activities for RMF steps 0-6, and provide subject matter expert (SME) information system security expertise to ensure the appropriate operational security posture is maintained for information systems. This position will also augment the internal Audit Liaison and assist in gathering required artifacts from technical SMEs. This position will operationally report to the Risk Management Lead and work closely with other members of the team to assess and evaluate the effectiveness of internal controls. Additionally, in this position you will:
- Support development of a robust RMF package necessary to achieve and maintain a full, multi-year Authority to Operate (ATO) for multiple systems to include privacy documentation.
- Create, establish, document, and refine the security controls, policies, procedures, and artifacts necessary to ensure applicable security requirements are met.
- Document findings and recommendations related to control deficiencies and develop recommendations for corrective action.
- Develop assessment plans and coordinate with other members of the Risk Management team to ensure that security objectives are met.
- Actively participate in and lead meetings to review and assess compliance of systems and technologies.
- Communicate findings and recommendations to management and other stakeholders.
- Monitor and track corrective actions in the form of Plan of Action and Milestones (POA&Ms) to ensure that deficiencies are addressed in a timely manner.
- Stay abreast of changes to NIST and FISMA guidance and incorporate these changes into the organizational RMF process.
- Create and maintain organizational Interconnection Service Agreements.
- Keep a well-managed repository of audit documentation.
- Develop and improve processes for streamlining and enhancing the internal audit process.
- Update work in Confluence and Jira per team practices.
- As a requirement of this position, all candidates must be a U.S. Citizen. In accordance with 8 U.S.C. 1324b(a)(2)(C), Epsilon will not consider candidates for this position who do not meet the aforementioned conditions.
- Bachelor’s degree in information systems (preferred) or related field.
- 5+ years of working experience in federal government Risk Management Framework practices as it relates to system security.
- Strong working knowledge of the NIST Risk Management Framework (RMF), NIST SP 800-53 controls, Assessment and Authorization processes, FedRAMP, and SOC audits.
- Proven experience with documenting required supporting artifacts to obtain and maintain an Authority to Operate (ATO).
- Clear understanding of network architecture and technical components of any network diagram.
- Experience with Microsoft Office, specifically Word, Excel, Teams, and PowerPoint. (Nice to have but I assume everyone has Microsoft Office experience.)
- Ability to conduct interviews with technical subject matter experts to gather information and assess compliance with controls.
- Strong analytical skills and attention to detail.
- Excellent written and verbal communication skills to communicate with key stakeholders, process owners, and customers to manage expectations, eliminate gaps, and ensure success.
- Ability to work independently and as part of a team.
- Experience working with commercial Cloud Service Providers preferred.
- Professional certification such as CIA, CISA, or CISSP preferred.
- Experience using and updating work in Confluence and Jira preferred.
- Must be able to pass federal background investigation and obtain a Public Trust
Epsilon is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applications will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. EEO/AA: Minorities/Females/Disabled/Vets.
If you are an individual with a disability and need special assistance or reasonable accommodation in applying for employment with Epsilon, Inc., please contact our Recruiting department by phone at 828-398-5414 or by email at email@example.com.