looking for an Information Systems Security Analyst to apply current technologies to the design, development, evaluation and integration of computer information systems and networks to maintain system security. Candidate may work with commercial computer product vendors in the design and evaluation of state-of-the-art secure COTS applications, operating systems, networks and database products and technology. Candidate will provide security engineering and integration services to internal customers and be involved in a wide range of issues including secure architectures, secure electronic data traffic, network security, information security and privacy. Candidate will use encryption technology, penetration, risk management and vulnerability analysis of various security technologies and information technology security research and develop security systems for any manual or automated systems environments. Candidate will be responsible for ensuring the protection of company data against unauthorized disclosure, accidental or intentional loss of data, or unauthorized modification. Candidate may also prepare security reports.
- Maintain operational security posture for the program to ensure information systems security policies, standards, and procedures are established and followed.
- Assist with the management of security aspects of the information system and performs day-to-day security operations of the system.
- Evaluate security solutions to ensure they meet security requirements for processing classified information.
- Perform vulnerability/risk assessment analysis to support certification and accreditation.
- Provide configuration management (CM) for information system security software, hardware, and firmware.
- Manage changes to system and assesses the security impact of those changes.
- Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, etc.
- Active Top Secret/Sensitive Compartmented Information (TS/SCI) security clearance.
- Bachelor's Degree in Information Security, Cyber Engineering or a related discipline.
- Minimum 8 years experience, or equivalent (no degree + 18 years exp; Masters + 6 years; PhD + 4 years).
- Experience and/or familiarity with Certification and Accreditation (C&A).
- Experience and/or familiarity with the following network protection devices: Firewalls, intrusion detection and prevention systems (IDS/IPS), log analysis, malware analysis, network traffic flow and packet analysis
- Experience and/or familiarity with Secure Technical Implementation Guides (STIGs), Information Assurance Vulnerability Alert (IAVA), DCID 6/3, Federal Information Security Management Act (FISMA) and other tools using industry best practices.
- DoD 8570.1-M Compliance at IAT Level I or equivalency (e.g., Certified Information Systems Security Professional (CISSP)) certification.
Experience or familiarity with Agile development methodology.