Information Security Analyst

Luray, VA, USA

Fortuna

We offer a people-centric and customized approach to help you not just survive but thrive in today’s competitive landscape.

We are seeking an experienced and detail-oriented Information Security Analyst (NIST RMF) to support security risk management, compliance, and authorization efforts across enterprise systems. This role focuses on using the NIST Risk Management Framework (RMF), ensuring federal compliance, and remediating vulnerabilities in both internal and cloud-based environments. You will bring extensive experience with federal security standards and hands-on technical expertise in infrastructure security.

WORKSITE: Onsite preferred with potential remote flexibility

WORK SCHEDULE: Monday-Friday, standard business hours

COMPENSATION: $55.00 - $62.00 per hour

ANTICIPATED START DATE: 9.1.2025, 2-year contract

WHAT WE OFFER:

  • Paid sick leave based on state regulations after 90 days of employment

  • Medical, dental, and vision are offered after a waiting period (60% paid by Fortuna)

  • Free TeleMedicine and Mental Health for all employees and their families

  • Additional voluntary options such as Group Life Insurance, Accidental Insurance, Critical Care, Short Term Disability

WHAT YOU'LL DO:

  • Conduct assessments using the NIST RMF to measure control effectiveness and identify gaps

  • Ensure compliance with NIST Special Publications, FIPS, FedRAMP, and other federal policies

  • Prepare and maintain security authorization packages and documentation (e.g., SSPs, SARs, Risk Assessments, POA&Ms)

  • Analyze, document, and communicate risks; recommend and track remediation activities

  • Support and manage vulnerability scanning (e.g., Nessus, Nexpose), analysis, and mitigation

  • Lead Security Impact Assessments and third-party risk evaluations

  • Coordinate security audits and report on control deficiencies

  • Provide subject matter expertise and guidance to business units and technical stakeholders

  • Enforce policy adherence and manage formal exception requests

  • Maintain compliance documentation and contribute to global metrics and reporting

  • Participate in briefings with executives and IT leadership regarding status and recommendations

  • Collaborate with stakeholders to support business continuity, disaster recovery, and ongoing security initiatives

WHAT YOU'LL BRING:

Required Qualifications:

  • Bachelor's degree in Computer Science or a related engineering field

  • 10+ years of experience in Information Security

  • 5+ years of hands-on experience managing and securing Windows Server platforms

  • Deep knowledge of NIST 800 series and FIPS standards

  • Expertise in developing and maintaining SA&A documentation for internal and FedRAMP systems

  • Experience with security scanning tools (e.g., Nessus, Nexpose) and vulnerability remediation

Preferred Skills:

  • Strong understanding of IAM, SSO, and authentication protocols (SAML, OAuth, etc.)

  • Familiarity with Microsoft infrastructure (Active Directory, Group Policy, basic MS SQL)

  • Excellent analytical, organizational, and problem-solving skills

  • Effective communication skills with both technical and executive stakeholders

  • Demonstrated ability to lead projects and manage multiple tasks in fast-paced environments


US Citizen Required (Public Trust Eligibility)

Fortuna operates as a staffing agency that sources, screens, and presents potential candidates for employment opportunities on behalf of our clients.

Fortuna was founded in 2012 by practicing professionals with more than 50 combined years of experience. Our headquarters is in McClellan, California, with offices in Los Angeles and New York, and satellite offices in the Philippines and Israel. Fortuna is an active member of multiple California service agreements, including the CMAS, ITMSA (Tier 2), and CalPERS SpringFed Pool, as well as various municipalities and large corporation vendor pools.

Career Site: www.gofortuna.com

Category: Analyst Jobs

Tags: Active Directory Audits Cloud Compliance Computer Science FedRAMP IAM MSSQL Nessus NIST Risk assessment Risk management RMF SAML Security Assessment Report SQL SSO System Security Plan Vulnerabilities Windows

Perks/benefits: Health care Insurance Medical leave

Region: North America
Country: United States
