Information System Security Analyst with Security Clearance

at Altamira
Published May 14, 2022
Location Dulles, VA
Category Default  
Job Type Full-time  

Description

* Information System Security Analyst All levels of Information System Security Analyst will have the skills listed below. Each level may have additional education, skill and/or experience requirements. The Information System Security Analyst applies current technologies to the design, development, evaluation and integration of computer information systems and networks to maintain system security. May work with commercial computer product vendors in the design and evaluation of state-of-the-art secure COTS applications, operating systems, networks and database products and technology. Provides security engineering and integration services to internal customers. Involved in a wide range of issues including secure architectures, secure electronic data traffic, network security, information security and privacy. Uses encryption technology, penetration, risk management and vulnerability analysis of various security technologies and information technology security research. Develops security systems for any manual or automated systems environments. Responsible for ensuring the protection of company data against unauthorized disclosure, accidental or intentional loss of data, or unauthorized modification. May prepare security reports. Required skills include: * Active Top Secret/Sensitive Compartmented Information (TS/SCI) security clearance required. * U.S. Citizenship required. * Maintain operational security posture for the program to ensure information systems security policies, standards, and procedures are established and followed. * Assist with the management of security aspects of the information system and performs day-to-day security operations of the system. * Evaluate security solutions to ensure they meet security requirements for processing classified information. * Perform vulnerability/risk assessment analysis to support certification and accreditation. * Provides configuration management (CM) for information system security software, hardware, and firmware. * Manage changes to system and assesses the security impact of those changes. * Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, etc. * Experience and/or familiarity with Certification and Accreditation (C&A). * Experience and/or familiarity with the following network protection devices: Firewalls, intrusion detection and prevention systems (IDS/IPS), log analysis, malware analysis, network traffic flow and packet analysis * Experience and/or familiarity with Secure Technical Implementation Guides (STIGs), Information Assurance Vulnerability Alert (IAVA), DCID 6/3, Federal Information Security Management Act (FISMA) and other tools using industry best practices. * DoD 8570.1-M Compliance at IAT Level I or equivalency (e.g., Certified Information Systems Security Professional (CISSP)) certification required Desired skills include: * Experience or familiarity with Agile development methodology. * SCA01: Information System Security Analyst - I * No demonstrated experience required. * Bachelor's degree in Information Security, Cyber Engineering or a related discipline is required.
[Four (4) years of experience may be substituted for a degree.] * SCA02: Information System Security Analyst - II * Two (2) or more years of cyber security experience required.
[A Master's degree in a related discipline may substitute for two (2) years of experience] * Bachelor's degree in Information Security, Cyber Engineering or a related discipline is required.
[Four (4) years of experience (for a total of six (6) or more years) may be substituted for a degree.] * SCA03: Information System Security Analyst - Senior I * Four (4) or more years of software development experience required.
[A Master's degree in a related discipline may substitute for two (2) years of experience. A PhD may substitute for four (4) years of experience.] * Bachelor's degree in Information Security, Cyber Engineering or a related discipline is required.
[Six (6) years of experience (for a total of ten (10) or more years) may be substituted for a degree.] Additional Responsibilities and/or skills: * Perform analysis on large data sets. * Provide security services for certification and accreditation (C&A) requirements, including developing and maintaining information assurance documentation for all network components. * Support continuous monitoring and FISMA compliance. * Conduct bi monthly vulnerability scans and reconcile results, and report all findings. * Experience with one or more of the following: Netezza, Mantra Centrifuge, Aginity Workbech, LYNXeon Cyber Solutions, VIAssist, IN-SPIRE, CyberSource, iClass, SPSS, Max Mind, Quova, etc. Certifications: * DoD 8570.1-M Compliance at IAT Level I (e.g., Certified Information Systems Security Professional (CISSP)) certification required. * Cisco Certified Network Professional (CCNP), Cisco Certified Security Professional (CCSP) or similar certification required. * SCA04: Information System Security Analyst - Senior II * Six (6) or more years of software development experience required.
[A Master's degree in a related discipline may substitute for two (2) years of experience. A PhD may substitute for four (4) years of experience.] * Bachelor's degree in Information Security, Cyber Engineering or a related discipline is required.
[Eight (8) years of experience (for a total of fourteen (14) or more years) may be substituted for a degree.] Additional Responsibilities and/or skills: * Experience leading security analysis teams. * Perform analysis on large data sets. * Provide security services for certification and accreditation (C&A) requirements, including developing and maintaining information assurance documentation for all network components. * Support continuous monitoring and FISMA compliance. * Conduct bi monthly vulnerability scans and reconcile results, and report all findings. * Experience with one or more of the following: Netezza, Mantra Centrifuge, Aginity Workbech, LYNXeon Cyber Solutions, VIAssist, IN-SPIRE, CyberSource, iClass, SPSS, Max Mind, Quova, etc. * SourceFire experience desired. Certifications: * DoD 8570.1-M Compliance at IAT Level I (e.g., Certified Information Systems Security Professional (CISSP)) certification required. * Cisco Certified Network Professional (CCNP), Cisco Certified Security Professional (CCSP) or similar certification required. * SCA05: Information System Security Analyst - Principal I * Eight (8) or more years of systems development experience required.
[A Master's degree in a related discipline may substitute for two (2) years of experience. A PhD may substitute for four (4) years of experience.] * Bachelor's degree in Information Security, Cyber Engineering or a related discipline is required.
[Ten (10) years of experience (for a total of eighteen (18) or more years) may be substituted for a degree.] Additional Responsibilities and/or skills: * Perform Information Systems Security Engineering functions. * Perform technical security assessment to identify points of vulnerability, non-compliance with information assurance (IA) standards and recommend mitigation strategies. * Validate and verify system security requirements definitions and analysis and establish system security designs. * Design, develop, implement and/or integrate IA and security systems and system components including those for networking, computing, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements. * Assess and mitigate system security threats/risks throughout the program life cycle. * Contribute to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations. * Develop and review certification and accreditation (C&A) documentation, providing feedback on completeness and compliance of its content. * Apply system security engineering expertise to one or more of the following: system security design process, engineering life cycle, information domain, cross domain solutions, commercial off-the-shelf and government off-the-shelf cryptography, identification; authentication; and authorization, system integration, risk management, intrusion detection, contingency planning, incident handling, configuration control, change management, auditing, certification and accreditation process, principles of IA (confidentiality, integrity, non-repudiation, availability, and access control), and security testing. * Recommend hardware, software, and develop policies and procedures to investigate malware incidents for multiple networks. * Develop analysis and make recommendations for hardware and software that will mitigate malware intrusions. * Develop, implement and maintain the information system security posture across multiple networks * Perform analysis on large data sets. * Provide security services for certification and accreditation (C&A) requirements, including developing and maintaining information assurance documentation for all network components. * Support continuous monitoring and FISMA compliance. * Conduct bi monthly vulnerability scans and reconcile results, and report all findings. * Experience with one or more of the following: Netezza, Mantra Centrifuge, Aginity Workbech, LYNXeon Cyber Solutions, VIAssist, IN-SPIRE, CyberSource, iClass, SPSS, Max Mind, Quova, etc. * Experience with Earned Value Management Systems (EVMS), compliant with ANSI/EIA Standard 748-B required. * Establish common processes across tasks, including configuration management (CM), risk management, quality assurance (QA), etc. * Experience with ArcSight desired. * SourceFire experience required. Certifications: * DoD 8570.1-M Compliance at IAT Level I (e.g., Certified Information Systems Security Professional (CISSP)) certification required. * Cisco Certified Network Professional (CCNP), Cisco Certified Sec

Drop files here browse files ...