Date Posted: May 8, 2019
Contract to Hire
Security Analyst IV
Location: Washington, DC
Clearance: Public Trust
We are currently seeking a motivated, career- and customer-oriented Security Analyst to join our team in Washington, DC to work closely with program teams validating system compliance with the Department of Justice (DOJ) organization’s security policy.
The candidate will be able to provide procedural, technical, and architectural recommendations to our client, program management, and engineering staff on security matters as required. The candidate will conduct and report on vulnerability and compliance scans, manage Identity Access Management and other security engineering activities, support C&A to obtain Authority To Operate (ATO) for program systems, and perform other duties and special projects as needed or directed by the IT Security Manager. The candidate should have a demonstrated understanding of an SDLC and possess professional oral & written communication skills.
Duties/Tasks and Responsibilities:
• Ensure our applications and infrastructure are secured to the highest standard; thus maintaining and continuing to optimize our security posture.
• With minimal supervision, analyze system services, operating systems, networks and applications and provide documented analysis.
• Perform risk analysis and security audit services, and develop analytical reports.
• Participate in security audits, risk analysis, vulnerability testing, and security reviews on all program systems.
• Support the maintenance of FISMA compliant security programs. This includes the creation of Security Authorization packages and oversight of annual Continuous Monitoring assessments and re-authorizations to include vulnerability scanning, interviews and system testing.
• Execute and deliver monthly and quarterly vulnerability scans using the tools Nessus, DbProtect, Guardium, and Cenzic Hailstorm.
• Assess, gather, and evaluate client application requirements and complete analysis sheets.
• Coordinate remediation efforts with developers, testers, operations, engineers, and clients.
• Provide technical support, prepare presentations, and conduct application demonstrations.
• Design, customize, and deliver solutions training and technical presentations.
• Monitor system security and respond to incidents.
• Monitor security advisory groups to ensure all necessary network security updates, patches and preventive measures are in place.
• Develop network device baseline configurations and firmware management plans.
• Assist with development and training of management, administrators, engineers and users on security policies and procedures.
• Conduct comprehensive expert analysis on current or emerging cyber threats to improve understanding and help to mitigate future threats.
• Independently develop a variety of Security Authorization deliverables including: System Security Plans, Security Assessment Reports, Risk Assessment Reports, Privacy Impact Assessments (PIA), Annual Assessments, Contingency Plans, FIPS 199 Security Categorizations, Plan of Action and Milestones (POA&M), etc.
• Support the review and maintenance of Security Authorization documents in accordance with Federal, DOJ, and applicable local regulations.
• Assist in the delivery of updated security plans, policies, and standard operating procedures on or before the required due dates.
• Perform Continuous Security Monitoring using DOJ approved tools such as ELMS BigFix, ArcSight, Firewalls, and NAC.
• Collaborate with other IT teams to assist in resolution of security issues.
• Provide guidance on security threats, technology, standards, and practices.
• Investigate security issues that appear under new threat scenarios.
• Security Professional designation such as CISSP (highly desirable) and Security+.
• ERPM Knowledge/Certification is a plus
• Demonstrated experience of Active Directory (AD) in relation to system administration.
• Demonstrated experience with Vulnerability Assessments, Incident Response, Penetration testing, Intrusion Detection/Prevention, Security Monitoring, application security assessments, risk assessments, security awareness, or related information security subject areas.
• Demonstrated experience with ArcSight SIEM Tool.
• Ability to quickly respond to problems affecting system security.
• Demonstrated experience with system and network security engineering best practices, operating systems and application auditing.
• Proven ability to achieve successful results in FISMA/FISCAM implementation in a Federal environment.
• Requires previous experience working in a security admin role with related duties such as system hardening, development of audit reports, creating secured baseline device configurations and penetration testing.
• Must have a “Can Do” professional attitude and be a team player.
U.S. CITIZENSHIP REQUIRED
Must pass a DOJ Minimal Background Investigation (MBI), Level 5 background investigation. Valid EQIP JPAS transfers acceptable.
Requires a Bachelor’s Degree and a minimum of 8 years of related experience
ABBTECH is an EOE/Minorities/Women/Disabled Individuals/Veterans