Security Assessment & Risk Analyst

The Security Assessment & Risk Analyst is a Mid-Level position requiring the following abilities:

We’d like to hear from you.

TalaTek looks for motivated people with information security backgrounds interested in growing with an entrepreneurial company. E-mail your cover letter and résumé to

  • Manage SA&A tasks for both FISMA and FedRAMP based assessments, and have in depth knowledge of all documents required by both the FedRAMP and FISMA SA&A processes.
  • Assess and analyze risk, and create formally documented risk assessments based on NIST standards to ensure the IA (Information Assurance) design sufficiently mitigates IA risks
  • Define and plan procedures relating to securing technology, and coordinate with other team members and client resources to effectively complete project requirements
  • Identify, document and report security issues and concerns to officials, and be able to document these issues in both FISMA and FedRAMP Security Assessment Reports (SARs)
  • Manage and mitigate POA&Ms and the milestones necessary to resolve IT and program security issues, and identify key areas where resource expenditure will most benefit the client
  • Review and optimize technical solutions and processes to monitor the security of the client’s infrastructure [firewalls, servers, applications, anti-spam/anti-spyware tools, forensic integrity checking, encryption, key management tools, etc.] and ensure they are as up-to-date, and technically secure as possible.
  • Support the technical security architect role, updating design documents and instructional materials for non-security focused teams, detailing technical solutions and processes for security incident monitoring, audit and logging procedures for enhancing the client’s infrastructure security [firewalls, servers, applications, anti-spam/anti-spyware tools, forensic integrity checking, encryption, key management tools, etc.]
  • Support and provide in-depth understanding of the FedRAMP 3PAO processes and procedures, both from a support role as well as from an outside audit role, and be able to speak to these processes and procedures to potential clients


The Security Assessor/Auditor will:

  • Perform SA&A and FedRAMP 3PAO assessments and independent audits and document results in the necessary documentation
  • Build annual Continuous Monitoring Plans and present them to clients
  • Analyze controls according to Continuous Monitoring Plans developed for government and non-government clients, and Security Assessment Plans developed for CSPs during the FedRAMP process
  • Obtain and analyze evidence or confirmation of practice for controls being assessed and organize evidence in order to demonstrate control was thoroughly reviewed.
  • Document assessment results regarding implementation/compliance status for various security controls in necessary FISMA and FedRAMP documentation
  • Record assessment results and continuous monitoring efforts in the TalaTek-designed GRC tool to support on-demand risk metrics for clients, as necessary
  • Read and answer all work e-mails within one working day
  • Provide onsite (Client) support and attend meetings as needed
  • Respond to outside audit requests and findings in support of various clients
    • Supply documents requested by auditor as necessary
  • Conduct on-site visits to Client site(s) for:
    • Security control and documentation review
    • Site inspections (PE Control family review)
  • Create White Papers on security topics as needed for TalaTek/Client
  • Develop and implement new processes based on changes to TalaTek, client and/or NIST and FedRAMP requirements


Expectations – The successful candidate will:

  • Work independently with minimal supervision
  • Know how to seek out guidance/assistance from appropriate resources when necessary
  • Apply great attention to detail when reviewing, updating, comparing documents and deliverables
  • Be capable of communicating complex issues efficiently and effectively to peers, TalaTek leadership and clients
  • Keep abreast of the latest technologies
  • Multitask effectively
  • Capitalize on strengths and identify areas of opportunities for improvement


Requirements — Security Assessment & Risk Analyst candidate will, at minimum, have:

  • CISSP, CAP, CISA or equivalent certification and continuing related professional development (or within 6 months of hire)
  • Bachelor’s Degree in Computer Science, Information Systems, Engineering, or equivalent 4 – 6 years of experience in Information Security. Four (4) years of additional overall experience can be substituted for the Bachelor’s Degree.
  • Possess proficient written and verbal communication skills in order to effectively interact with clients, project team, and TalaTek leadership


Ongoing Training requirements of the Security Assessment & Risk Analyst:

  • Ongoing research and training to stay informed of up-to-date security best practices and relevant publications (e.g. NIST, FedRAMP, National Vulnerability Database, etc.)
  • Maintain Continuing Professional Education (CPE) requirements associated with security and/or project management certifications
  • Potential additional training requirements will be determined on a candidate-by-candidate basis, based on the results of ongoing observation and skills assessments – training determinations to be discussed between TalaTek leadership and the candidate during annual skills assessments.
  • Training and information resources include:
