Cyber Security Risk Analyst

Job description: Cyber Security Risk Analyst

Conversant Group is seeking a Cyber Security Risk Analyst for our Chattanooga, TN office.  We are looking for motivated self-starters interested in working in a fast-paced and dynamic technical environment conducting risk and vulnerability testing on client computers, networks, and security systems.

Essential Tasks, Duties, and Responsibilities:

The Cyber Security Risk Analyst will provide subject matter expertise to client programs in various cyber security areas, including Risk Management Frameworks (RMF).  The successful candidate will perform security assessments and compliance activities of client computers, networks, and systems using cyber security tools and procedures.  Following testing, the Cyber Security Risk Analyst must document their findings in risk reports to highlight current vulnerabilities, mitigations, and the residual cyber security risk posture.  Next, they will develop Risk Registers and Mitigation Plans to capture, prioritize, and establish action plans to address findings resulting from the assessments.  Cyber security is always evolving, so the Cyber Security Risk Analyst must keep up with the latest cyber security news, vulnerabilities, testing methodologies, and evaluate new testing tools.

Position Qualifications:

  • Experience developing or analyzing security tests and evaluation reports
  • Experience with evaluating computer networks and systems using Risk Management Frameworks (e.g., NIST 800-30, NIST 800-37, FAIR, OCTAVE, etc.)
  • Experience with information assurance, engineering, or operational support including supporting information technology operations, cyber operations, system administration, and systems security
  • Possession of excellent oral and written communication skills
  • Great interpersonal and teamwork skills
  • Critical thinking
  • HS diploma or GED
  • Some travel may be required to support client engagements

Additional Qualifications:

  • Experience with vulnerability testing and reconnaissance tools (e.g., Nessus, Rapid 7 Insight, OpenVAS, Nmap, etc.)
  • Knowledge of applicable regulations, NIST CST, NIST SP 800, 37, NIST SP 800, 53 or 53A, HIPAA, ISO 27001, and related cyber security frameworks
  • Experience with Security Technical Implementation Guides (STIGs)
  • Possession of excellent time management and analytical skills
  • CISA, CISSP, and/or GSEC certifications
  • BA or BS degree

Job Type:

  • Full-time
  • Remote work is possible but on-site is preferred