Information Security Analyst

Bristol Bay Native Corporation

$70K — $95K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of relevant experience in information security and networking
  • Thorough knowledge of network systems design and maintenance concepts
  • In-depth understanding of ICS/OT Security standards (e.g., NIST SP 800-82)
  • Proficiency with security policies, hardware, software, and operating systems
  • Bachelor's degree in Information Systems, Network Engineering, or Information Security
  • CompTIA Security+ certification required before contract start
  • Must be eligible for Secret clearance.

Responsibilities

  • Prepares risk assessment packages for RMF accreditation processes
  • Ensures compliance with Army management for RMF in systems depiction
  • Maintains security controls over software and hardware continually
  • Communicates security policies and standards within the organization
  • Participates in strategic planning for information security technology
  • Collaborates with government and contractors on RMF requirements
  • Conducts inquiries into security incidents related to RMF.

Benefits

  • Professional development opportunities
  • Access to advanced security tools and technologies
  • Collaborative work environment with cross-functional teams
  • Participation in strategic security initiatives
  • Opportunities for certifications and further education support.
Full Job Description
The Information Security Analyst interacts with Cyber Security Team and those on contractor personnel to ensure all contract related RMF requirements are fulfilled and submitted in eMASS. Prepares packages/risk assessments for accreditation, reaccreditation and self-assess processes of RMF, to include but not limited to providing artifacts, documentation, and eMASS input. Provides direction to ensure RMF is managed within Army management/ oversight to accurate depiction of the systems or products.

What You'll Do:
  • Establishes and ensures that appropriate security controls over software and hardware are maintained at all times. Analyzes software and hardware requirements. Patches devices in accordance with IAVAs and reports on compliancy.
  • Develops, manages and communicates organizational security policies and standards to protect company systems and assets.
    Researches emerging threats and recommends software and hardware solutions and procedures that neutralize those threats.
  • Designs, establishes and executes company security strategy.
  • Documents, reviews, maintains and edits security best practices and policies.
  • Communicates and collaborates with IT team to maintain equipment and optimize security of system architecture

The following duties ARE NOT intended to serve as a comprehensive list of all duties performed by all employees in this classification. Shown are duties intended to provide a representative summary of the major duties and responsibilities. Incumbent(s) may not be required to perform all duties listed and may be required to perform additional, position-specific duties.

REPRESENTATIVE DUTIES:
  • Prepares packages/risk assessments for accreditation, reaccreditation and self-assess processes of RMF, to include but not limited to providing artifacts, documentation, and eMASS input.
  • Provides direction to ensure RMF is managed within Army management/ oversight to accurate depiction of the systems or products.
  • Establishes and ensures that appropriate security controls over software and hardware are maintained at all times. Analyzes software and hardware requirements. Patches devices in accordance with IAVAs and reports on compliancy.
  • Develops, manages and communicates organizational security policies and standards to protect company systems and assets.
  • Participate in strategic planning for the deployment of information security technologies and program enhancements in the supported environment
  • Work and communicate with government and contractor personnel on RMF requirements.
  • Conducts and facilitates inquiries into all security issues and incidents involving RMF and reports findings and recommendations.
  • Identify and evaluate complex technology risks and remediation methods to mitigate risks.
  • Assesses and evaluates network vulnerabilities. Reviews and analyzes network traffic, configurations, and operating procedures and provides recommendations to improve system security posture.
  • Performs other duties as assigned or required.


What You Bring:
  • Thorough knowledge of network systems design, development, testing, installation, operating, management, documenting, and maintenance concepts and methods to provide and protect network services.
  • Extensive knowledge of information technology methods and information protection techniques and procedures. This includes hardware, software, and operating systems; systems configuration and integration; maintenance, upgrades, and modifications, network operations functions, mapping and documenting architecture, firewalls, packet switching communications protocols, and diagnostic tools to analyze difficult and complex system problems and provide resolutions.
  • At least 3 years of security-related Information Technologies experience with at least 1 year networking with ports and protocols, with an understanding of securing ICS environments. Other experience (including any of the following but not limited to): Internet of Things (IOT) security, network administration, network security, server administration, system security, endpoint security, vulnerability, patch management, desktop security.
  • In-depth knowledge of ICS/Operational technology (OT) Security standards and guidelines (NIST SP 800-82r2, ISA/IEC-62443). Guidance; AR 25-2 Army Cybersecurity (Chapter 4), NIST Special Publication 800-53, Revision 4 (Including updates as of 01-22-2015); Security and Privacy Controls for Federal Information Systems and Organizations (http://csrc.nist.gov/publications/PubsSPs.html); Department of Defense Instructions (DoDI) 8510.01, March 12, 2014, Risk Management Framework (RMF) for DoD Information Technology (IT) (http://www.dtic.mil/whs/directives/corres/ins1.html); or future DOD regulation that supersedes these regulations.
  • Demonstrate problem solving, critical thinking and logical structuring skills. Strategic thinker with strong communication skills. Must be a self-starter, capable of working with minimal direction and as part of a team. Knowledge of project management principles and methods sufficient to balance workload with travel.


MINIMUM QUALIFICATIONS:
  • Must be able to obtain Secret clearance.
  • Bachelor's Degree or currently working in related field of study (including any of the following but not limited to): Information Systems, Network Engineering or Information Security
  • CompTIA Security+ is required prior to the start of work on contract. Will be providing support under the IAM I Level.
  • Recommended certifications in related field (including any of the following but not limited to): Security +, Network +, CISSP, CCNA Security, CCIE, MCSE, MCITP, SANS GICSP, CISM.
  • Strong awareness of the security landscape, risk management framework, emerging threats, operational impacts, and vulnerabilities.

Similar Jobs

More Jobs at Bristol Bay Native Corporation

More Information Technology Jobs

Find similar Information Security Analyst jobs: