Information Security Analyst | RMF Job at Epsilon Inc.

Epsilon Inc. Kansas City, MO 64114

$120,000 - $150,000 a year

Information Security Analyst | RMF

Who is Epsilon:
Epsilon is an IT Services company that was founded in 2009 and has become an established leader in providing Information Technology services to both Federal Government and Commercial businesses across the United States. Epsilon is known for its solution-focused and innovative approach, aligning technology systems, tools, and processes with the missions and objectives of its customers.

Epsilon’s headquarters are in Weaverville, NC with other corporate offices in Greenville, SC, Crystal City, VA, and Denver, CO. We have employees in 30+ States across the U.S.

Why work for Epsilon:
In joining Epsilon’s team, you will have the opportunity to contribute to Epsilon’s business and customer initiatives, as well as influence our brand culture through people interaction and technology advancements.

Epsilon invests in our employees by promoting from within and enabling employees to elevate their knowledge and skill set in their profession by allocating $3,000 annually in Professional Development funds. We also offer competitive pay, comprehensive benefits through one of the largest national carriers, Paid Time Off (PTO) that increases with tenure and has a generous rollover, 11 company paid Holidays, and 401(k) with immediate contribution.

Our Customer’s Mission:
The USDA Digital Infrastructure Services Center (DISC) operates 24/7/365 to provide comprehensive on-premises and cloud-based hosting services, including Disaster Recovery, security, and professional support services and operations, to approximately 35 federal organizations. The USDA and other Federal partners depend upon DISC’s highly complex and interconnected technology infrastructure to conduct their operations. To better support this mission, DISC is modernizing its technology by transitioning to a continuous integration, deployment, and code-based organization.

This fully remote opportunity allows you the flexibility to work from home in support of the USDA DISC’s location in Kansas City, MO.

An average day:
The Information Security Analyst will be responsible for ensuring compliance with NIST and FISMA guidance, discovering and mitigating cybersecurity risks, understanding and applying policies to address requests for information on cyber best practices, conducting risk assessments, and supporting Authority to Operate (ATO) activities for RMF steps 0-6. Additionally, the analyst will provide information system security subject matter expertise (SME) to ensure the appropriate operational security posture is maintained for information systems. This position will operationally report to the Risk Management Lead and work closely with other members of the team to assess and evaluate the effectiveness of internal controls. In this position you will:

  • Support development of a robust RMF package necessary to achieve and maintain a full, multi-year Authority to Operate (ATO) for multiple systems, including privacy documentation.
  • Be responsible for NIST RMF steps one through four, six and seven.
  • Create, establish, document, and refine the security controls, policies, procedures, and artifacts necessary to ensure applicable security requirements are met.
  • Document findings and recommendations related to control deficiencies and develop recommendations for corrective action.
  • Develop assessment plans and coordinate with other members of the Risk Management team to ensure that security objectives are met.
  • Actively participate in and lead meetings to review and assess compliance of systems and technologies.
  • Communicate findings and recommendations to management and other stakeholders.
  • Monitor and track corrective actions in the form of Plan of Action and Milestones (POA&Ms) to ensure that deficiencies are addressed in a timely manner.
  • Stay abreast of changes to NIST and FISMA guidance and incorporate these changes into the organizational RMF process.
  • Create and maintain organizational Interconnection Service Agreements.

Basic Qualifications:
  • As a requirement of this position, all candidates must be either a U.S. Citizen or have official legal status in the United States. In accordance with 8 U.S.C. 1324b(a)(2)(C), Epsilon will not consider candidates for this position who do not meet the aforementioned conditions.
  • No less than 5 years of RMF experience will be considered. 8+ years of working experience in federal government Risk Management Framework practices as it relates to system security is preferred.
  • Demonstrated strong knowledge of and experience supporting the Risk Management Framework and applicable guidance/requirements (NIST 800-53).
  • Demonstrated understanding of Cyber Security policies, FedRAMP and/or other US Government Assessment and Authorization (A&A) processes and procedures.
  • Proven experience with documenting required supporting artifacts to obtain and maintain an Authority to Operate (ATO).
  • Clear understanding of network and systems architecture.
  • Must have technical knowledge or experience to be able to articulate decisions made for security controls, implementation, and inheritance with assessment personnel.
    • Beneficial technical background or experience would be Systems Administration or Engineering.
  • Must have the ability to understand the DISC environment and how the technology within that environment is used. This includes the ability to look at an architectural diagram and understand how the system is built and what the data flow on the diagram means.
  • Ability to conduct interviews with technical subject matter experts to gather information and assess compliance with controls.
  • Experience with Microsoft Office, specifically, Word, Excel, Teams, and PowerPoint.
  • Strong analytical skills and attention to detail.
  • Excellent written and verbal communication skills to communicate with key stakeholders, process owners, and customers to manage expectations, eliminate gaps, and ensure success.
  • Ability to work independently and as part of a team.

Preferred Qualifications:
  • Bachelor’s degree in information systems or related field.
  • Experience working with commercial Cloud Service Providers.
  • Professional certification such as CIA, CISA, or CISSP.

Other Requirements:
  • Will be subject to a Federal Government Background Investigation.



Epsilon is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applications will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. EEO/AA: Minorities/Females/Disabled/Vets.

If you are an individual with a disability and need special assistance or reasonable accommodation in applying for employment with Epsilon, Inc., please contact our Recruiting department by phone 828-398-5414 or by email careers@epsilon-inc.com.


