ValidaTek, Inc

Information Security Analyst - Mid

Location: US-MD-Fort Meade
ID: 2023-10-2041
Category: Information Technology
Position Type: Full-Time
Location Detail: Hybrid

Company Overview

At ValidaTek, we modernize and optimize IT services to solve some of the most critical challenges facing federal civilian and defense agencies. From customers to partners to top-talent employees, ValidaTek puts people first, empowering them to exceed expectations and transform government organizations. Our success starts and ends with our people, so we built a company where great people can do great things, with the resources and autonomy to make decisions that transform organizations. We operate as one team of diverse people, united by a passion for continuous growth and optimization. Our commitment to quality and performance optimization is the reason why our IT Service Projects and New Development Projects have been appraised at CMMI Maturity Level 5, positioning us as one of a handful of elite companies to receive the highest form of third-party validation. www.validatek.com

Summary

We are seeking a skilled and dedicated Mid Information Security Analyst to support a program with the Defense Information Systems Agency (DISA). As a Mid Information Security Analyst, you will play a vital role in ensuring the confidentiality, integrity, and availability of the program's information assets. You will collaborate closely with DISA representatives, contractors, and other stakeholders to implement security controls, conduct risk assessments, and monitor compliance with security policies and regulations. The ideal candidate has a strong foundation in information security principles, excellent analytical skills, and a passion for safeguarding critical information in a DISA environment.

Responsibilities

  • Security Control Implementation: Assist in the implementation and management of security controls, including access control, encryption, network security, vulnerability management, and incident response. Ensure adherence to DISA's security policies, guidelines, and industry best practices.
  • Risk Assessment and Mitigation: Conduct risk assessments to identify potential security threats, vulnerabilities, and impacts to the program's information assets. Develop and implement risk mitigation strategies and control recommendations.
  • Security Monitoring and Incident Response: Monitor and analyze security events and incidents, utilizing security information and event management (SIEM) tools. Investigate and respond to security incidents promptly, following established incident response procedures.
  • Compliance and Auditing: Ensure compliance with DISA security standards, frameworks, and regulatory requirements. Support security audits and assessments, providing documentation, evidence, and remediation plans as needed.
  • Security Awareness and Training: Assist in developing and delivering security awareness and training programs for program personnel. Promote a culture of security awareness and compliance throughout the program.
  • Security Documentation and Reporting: Maintain accurate and up-to-date security documentation, including policies, procedures, and system configurations. Prepare regular reports on security incidents, metrics, and compliance status for program management and stakeholders.
  • Vulnerability Management: Conduct vulnerability assessments and coordinate remediation efforts. Utilize vulnerability scanning tools and stay updated on emerging threats and vulnerabilities.
  • Collaboration and Stakeholder Engagement: Collaborate closely with DISA representatives, contractors, and other stakeholders to understand program requirements and align security solutions accordingly. Communicate security-related updates, issues, and recommendations effectively to stakeholders.
  • Continuous Learning and Professional Development: Stay updated with emerging technologies, trends, and industry best practices in information security. Pursue relevant certifications and training opportunities to enhance knowledge and skills.

Qualifications

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is required.
  • Proven experience (3-7 years) as an Information Security Analyst or a similar role, preferably in supporting DISA programs or other government contracts.
  • Active DoD Top Secret clearance - required.
  • Strong understanding of information security principles, best practices, and frameworks (e.g., NIST, DISA STIGs).
  • Familiarity with security controls and technologies, including firewalls, intrusion detection/prevention systems, SIEM, encryption, and access control.
  • Experience with vulnerability assessment tools and techniques.
  • Knowledge of incident response procedures and practices.
  • Familiarity with security compliance frameworks (e.g., RMF, PCI DSS) and audit processes.
  • Excellent analytical and problem-solving skills, with the ability to assess and mitigate security risks effectively.
  • Strong communication and interpersonal skills, with the ability to collaborate effectively with diverse stakeholders.
  • Industry certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Ethical Hacker (CEH) are a plus.

EEO Statement

ValidaTek is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, or disability status.

Applicants who are selected for employment will be required to verify authorization to work in the United States.

Offers of employment will be contingent upon passing a post-offer background check.
