Security Analyst - Consultant

• Champion DevSecOps & Security Automation: Design, implement, and maintain security automation tools. Develop scripts to automate data protection, vulnerability scanning, and access control tasks.

• Monitor & Analyze Security Events: Use SIEM tools to detect threats, analyze logs, investigate alerts, and identify gaps in existing controls to improve the agency's security posture.

• Support Secure Application Development: Collaborate with developers to embed secure coding practices throughout the SDLC and conduct code reviews, threat modeling, and risk assessments.

• Incident Response & Mitigation: Participate in security incident investigations, identify root causes, and execute remediation and recovery procedures.

• Documentation & Training: Develop and maintain documentation for security policies, procedures, and best practices. Create user guides and training materials.

• Other Duties: Provide on-call support and perform other related security functions as required.

• 5+ years of expert-level experience in C#, Python, PowerShell, or Rust
• 1+ year understanding of automation principles, including the use of AI, ML, and scripting for security tasks
• 3+ years understanding of SDLC and DevSecOps principles
• 3+ years proficiency in Cloud Security (IAM, data security, and compliance)
• Exceptional communication and interpersonal skills with proven experience documenting and training on security processes

Preferred Skills

• 1+ year hands-on experience with SIEM tools (configuration, tuning, alert creation, threat hunting)
• 1+ year working knowledge of security frameworks (NIST, CIS, CISA) and their hybrid environment applications
• 1+ year experience in Data Classification and DLP configuration
• Familiarity with incident response processes and implementation best practices
• Strong understanding of security controls in hybrid infrastructures

Education Requirement

• Bachelor's degree in Computer Science, Cybersecurity, IT Systems, or related field

Equivalent professional experience may substitute for formal education on a year-for-year basis.

Preferred Certifications (Not required but preferred)

• GCIH - GIAC Certified Incident Handler
• CSIH - Certified Computer Security Incident Handler
• ECIH - EC-Council Certified Incident Handler
• CND - EC-Council Certified Network Defender
• GCIP - GIAC Critical Infrastructure Protection
• GDSA - GIAC Defensible Security Architecture

About US: InterSources Inc. is a Small, Woman, and Minority-Owned Business Enterprise, ISO/IEC 27001, SOC 2 Type 2 certified company with massive 18+ years of diversified experience in providing IT Consulting Services, Artificial Intelligence, Data Analysis, Application Development, Cloud Services, Cybersecurity, Digital Marketing, ERP Management, Custom Software Development, Web Development, UI/ UX Design, System Integration, QA Support etc. We make reasonable accommodations for clients and employees, and we do not discriminate based on any protected attribute including race, religion, color, national origin, gender sexual orientation, gender identity, age, or marital status. We also are a Google Cloud and Oracle partner company.