Information Security Analyst

Bixal will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. If you require any accommodation as part of our recruitment process, please contact us at Talent@bixal.com. You can expect a response from a team member within 24 hours during the regular work week and on the next operating day during the weekend or holidays.

Bixal is a mission-driven organization determined to have a positive impact on the lives of people everywhere. We do this by partnering with leading federal agencies to conceive and create powerful data-driven customer experiences to better serve the American public and communities around the world.

Bixal is more than an organization. Bixal is a methodology. It’s a people-absolutely-first approach to solving complex organizational challenges, balancing cutting-edge technical chops with a deep sense of empathy and understanding.

As a Security Analyst, you will play a critical role in our team, serving as an individual contributor with the full support and guidance of our leadership. Your primary responsibility will be to conduct comprehensive security control assessments of information systems, focusing on the effectiveness of security and privacy controls as well as the vulnerability status of applications, databases, and other components within the system boundary.

Working within the NIST 800-53 Rev. 5 security framework, you will assist in verifying the security posture of existing systems with an Authority to Operate (ATO), performing rigorous assessments on any new systems developed or deployed by our customers. Additionally, you will conduct audits of security controls to ensure ongoing, continuous monitoring of assigned systems.

This role will allow you to develop a deeper awareness and understanding of security and compliance within your designated program, while also interacting with key stakeholders to ensure alignment with security standards.

• Conducts security control tests of design and operational effectiveness
• Manages remediation tasks to completion on tight deadlines
• Leads analysis and remediation of findings discovered during scheduled internal and third-party vulnerability scans and penetration tests.
• Participate in technical and non-technical projects requiring information security oversight and to ensure policies, procedures and standards are met.
• Handles special projects and initiatives as assigned.
• Provide relevant analysis, suggest mitigations, track remediation, manage scheduled scans, identify gaps, and expand scan coverage and escalate as appropriate.
• Recommend new security solutions as well as effective improvements to existing security controls that do not negatively impact business innovations.
• Conduct cyber security risk assessments and serves as a liaison for the security team.
• Assist in incident response (IR) with security operations center (SOC) and/or IT teams.
• Creates security operation controls, playbooks, procedures, and guidelines.
• Participates in planning sessions to ensure security and compliance requirements are met.
• Stays current on best practices, current trends,and pertinent changes in internal/external threats and opportunities in a timely and anticipatory manner.  Advises management on key findings.
• Performs all other duties and special projects as assigned.

• Bachelor’s degree in computer sciences, Information Security, or equivalent work experience.
• At least 3 years of relevant experience within information security and technology.
• Professional security certifications (CySA+, Security+, CISSP, CCSP, CISM, CISA, AWS Certified Security Specialty) or willingness to obtain certification.
• Working knowledge of AWS Security tools, their functionality and purpose.
• Strong working knowledge of cloud security concepts and services such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS)
• Strong familiarity of fundamental and operational concepts in information security, including network security, encryption, authentication, and incident response.
• Experience with common security technologies and tools, such as firewalls, intrusion detection/prevention systems, SIEM platforms, and endpoint security solutions.
• Demonstrated use of security frameworks and standards such as NIST SP 800-53, CIS Critical Security Controls, OWASP, MITRE ATT&CK, and ISO27001.
• Strong experience assessing and providing recommendation on the following: Privacy Impact Assessment, Risk Assessment, System Security Plan, Disaster Recovery / Contingency Plan, and Incident Response Plan. 
• Provide Plan of Action and Milestones (POA&M) support to ensure mitigations are completed or the teams are working to mitigate all vulnerabilities in a timely fashion and within customer policy timelines.
• Experience with Government Agency Security Assessment Process in support of maintaining and/or establishing an ATO and the appropriate security boundary.
• Strong knowledge of the Systems Development Life Cycle (SDLC) and its application in the development of technology solutions.

• Strong working knowledge of networking protocols, TCP/IP, and operating systems (Windows, Linux).
• Familiarity with applying scripting languages into security operations procedures and investigations (examples in Python or PowerShell).

Perks & Benefits:

Competitive base salary

Flex hours

Work from home flexibility

401K with matching incentive

Parental Leave

Medical/dental/vision benefits

Flex Spending Account

Company provided short-term disability

Company provided life insurance

Commuter benefits

Generous PTO

11 Paid holidays

Professional development opportunities

New business referral bonus

Please note that candidates selected may undergo a background investigation and, if applicable, meet eligibility requirements for suitability.

Bixal is an equal opportunity and affirmative action employer. It ensures equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, veteran status, or any other characteristic protected by law. We are dedicated to promoting diversity, equity, and inclusion within our organization and beyond.