Security Analyst

Who we are:Bixal is a mission-driven, woman-owned small business determined to improve people's lives through human-centered strategies and transformative technologies, with a firm belief that everyone has the right to an effective government.   We deliver on this belief by partnering with leading Federal agencies to design, develop, and deliver powerful customer experiences through holistic digital product solutions and strategic communications initiatives––bringing a high standard and unique creative energy to our clients––and our wonderfully diverse culture is what makes it all possible.   Bixal unites different people with different perspectives from all over the world! We provide our team with an open and empowered environment where collaboration thrives and solutions flourish. 
What will you do?You will work with product and engineering leads, as well as government partners and stakeholders, to understand security and compliance requirements for a variety of initiatives, translate those requirements into effective, but flexible processes that ensure compliance while minimizing the burden on the product development lifecycle, and create related documentation for a wide variety of audiences. 
You will test and review information systems to identify potential security weaknesses, recommend improvements to amend vulnerabilities, and implement changes and document upgrades. They will also be required to assess the impacts on system modifications while staying up to date on technological advances.  
You bring strong communication skills with demonstrated experience working with a variety of stakeholders to design and implement compliance processes that support the software development lifecycle.  You have extensive experience developing related documentation and other artifacts for a wide range of audiences and have an interest in leading internal efforts to share lessons learned and promote continuous improvement.
Location:This role can be remote.  You must be legally eligible to work in the United States.  Bixal does not provide visa sponsorship.  You must be able to pass and maintain a Public Trust clearance. 

Responsibilities:

• Provide accurate technical evaluations of the software application, system, or network and document the security posture, capabilities, and vulnerabilities against applicable NIST and ARS 3.1 controls. 
• Configuration/Patch/Vulnerability Management - Perform and review scan results for the system assets, identify the respective remediation for misconfigurations and weaknesses, and work with the system team to ensure timely implementation of a fix.
• Participate as a member of the Incident Response Team by conducting forensic analysis and troubleshooting to assist in the containment and remediation of security incidents.
• Develop metrics to measure and track compliance, risk, and the effectiveness of the information security program.
• Experience working with engineers for the automation of security controls. 
• Experience executing Threat Modeling, Contingency Plans and Security Control Audits.  
• Other responsibilities as needed.

Qualifications:

• 3+ years of experience in software design and development, architecture, operations.
• Previous experience supporting software teams in a security and compliance capacity, preferably within an agile environment. Some examples include translating security and compliance requirements into tasks, prioritizing tickets, removing blockers, developing plans to support development, and understanding how changes may impact software security and privacy.
• Understand how to create processes that support the delivery of secure and compliant systems while minimizing the burden and impact on product teams. Has experience operating within the context of the full software development lifecycle.
• Take a consultative and proactive approach to understand requirements, design effective processes, and identify opportunities for improvement.
• Experience delivering formal documentation (i.e., System Security Plans, Version Description Document, contracts, application documentation) and is effective at translating complex technical terms for a wide variety of audiences.
• Capable of managing compliance efforts and reporting on progress across multiple teams. 

Nice to Haves:

• CISA, CISSP or HCISSP preferred, not required.
• AWS Certified Security Specialty preferred, not required.

Perks & Benefits:Competitive base salaryFlex hoursWork from home flexibility401K with matching incentiveMedical/dental/vision benefitsFlex Spending AccountCompany provided short-term disabilityCompany provided life insuranceCommuter benefitsGenerous PTOPaid holidaysLegalShieldProfessional development opportunitiesNew business referral bonus
No recruiters or agencies please. Bixal is an equal opportunity employer and is committed to building a safe, inclusive environment for people of all backgrounds.