RISCPoint

1 Job

44 Employees

About the Company

RISCPoint is proud to offer a comprehensive suite of business focused cybersecurity and compliance services. Our services are custom tailored to your environment and objectives. We have extensive expertise in the areas shown below, and while each engagement is customized to your objective, our methodology covers Program Readiness Assessments, Program Implementation, Remediation, Optimization, Audit Defense, and On-Going Support.

Enterprise Compliance
- SOC 2
- ISO 27001, 27017, 27018
- HITRUST
- HIPAA (NIST 800-66)
- HIPAA Business Associate Governance
- Privacy (CCPA/CPRA, GDPR, ISO 27701, etc.)
- NIST CSF
- WCAG 2.1, VPAT, and ADA

Public Sector
- FedRAMP
- StateRAMP
- FISMA
- TX-RAMP
- CMMC
- DOD DISA
- ITAR
- NIST 800-171
- NIST 800-172
- NIST 800-53

Cybersecurity Defense
- Red Teaming
- Penetration Testing
- Ransomware Assessments
- Vulnerability Assessments
- Incident Response Program
- Application Security
- Security Engineering
Risk Management
- Risk Assessments
- Vendor Management
- Virtual Compliance Team
- Virtual Executive Team (CISO, ISSO, CIO, CTO)
- Plan Simulations (Business Continuity, Disaster Recovery, Incident Response)

About RISCPoint
RISCPoint Advisory Group is an industry leader in providing custom-tailored security and compliance services. Founded with the vision to seamlessly integrate with teams, while utilizing only high-performing professionals with deep technical and operational expertise, RISCPoint has successfully served companies ranging from Fortune 10 to pre-Series A startups. To learn more, visit riscpoint.com/contact or call (888) 320-1327.

Listed Jobs

Company Name: RISCPoint
Job Title: Security Operations Center Analyst
Job Description: **Job Title** Security Operations Center Analyst **Role Summary** Monitor, detect, and respond to security events across FedRAMP‑authorized cloud environments. Conduct continuous monitoring, vulnerability assessments, and incident response to maintain compliance with FedRAMP, NIST, and organizational controls. Collaborate with engineering, compliance, and audit teams to update documentation, validate control effectiveness, and provide threat intelligence. **Expectations** - Active participation in 24/7 on‑call rotation. - Maintain up‑to‑date security tooling and documentation. - Deliver timely incident notifications and remediate vulnerabilities. - Ensure FedRAMP Continuous Monitoring alignment and produce threat‑hunting reports. **Key Responsibilities** - Operate and refine automated monitoring tools (SIEM, IDS/IPS, CSPM). - Respond to alerts, conduct investigations, and dispatch incident communications. - Execute weekly vulnerability scans (Nessus, Qualys, Rapid7), analyze findings, and coordinate remediation. - Produce weekly dashboards, metrics, and quarterly threat‑hunting exercises. - Maintain POA&M, SSP updates, and support 3PAO audits. - Develop custom detection rules, tune alerts to reduce false positives, and create/maintain security dashboards. - Lead continuous improvement of security posture in AWS GovCloud environments. **Required Skills** - 2–4 years SOC/incident‑response experience. - 1–2 years AWS (GovCloud) security operations. - Proficiency with vulnerability scanners: Tenable, Qualys, Rapid7. - Hands‑on SIEM: Splunk ES, Azure Sentinel, Google SecOps. - Knowledge of IDS/IPS (Suricata, Zeek, Snort). - Cloud security services: GuardDuty, Security Hub, CloudTrail, IAM, VPC Flow Logs. - Endpoint protection: CrowdStrike, Carbon Black, Microsoft Defender. - Incident response frameworks (NIST 800‑61), NIST 800‑53 Rev. 5, FedRAMP compliance. - Scripting/automation: Python, Ansible, Terraform, AWS CLI. **Required Education & Certifications** - Security+ or equivalent DoD 8570 IAT Level II. - Preferred: ISC2 CISSP/CCSP, GIAC GCIH, AWS Security Specialist, or AWS Certified Solutions Architect – Associate.