Information Systems Analyst

About The Position

Requirements

• Basic knowledge of the following:
• Information assurance principles (confidentiality, integrity, availability) and RMF
• Proficiency in using cybersecurity tools such as vulnerability scanners, firewalls, and encryption technologies
• Regulatory standards
• Securing cloud environments
• GED and/or equivalent years of experience
• CompTIA Security + Required
• CCNA Required
• DoD 8140 Compliance Required
• U.S. Citizenship is Required
• Candidates must have an active clearance OR the ability to obtain a US Government security clearance and will be subject to a US security background investigation (i.e. favorable background investigation / credit score). Additional eligibility requirements for access to various levels of classified information may also be required. An active security clearance is highly desirable.

Nice To Haves

• Penetration testing tools or ethical hacking practices is a plus
• Research, analysis, installation, and test software updates and security patches
• BS STEM Degree Preferred
• Linux+ Preferred

Responsibilities

• Conduct assessments of existing IT architecture for compliance with security requirements from applicable security frameworks (such as FISMA, ISO 27001, NIST SP 800-53 etc.).
• Provide continuous monitoring support for information systems.
• Contribute to the development of IT architecture deliverables, specific to information security countermeasure implementations, for operational systems and systems under development.
• Follow IT security policies, standards, and guidance.
• Implement cyber-T&E strategy.
• Perform and review technical security assessments of computing environments to identify points of vulnerability, non-compliance with established information assurance (IA) standards and regulations, and recommend mitigation strategies.
• Validate and verify system security requirements definitions and analyze and establish system security designs.
• Apply leading-edge principles, theories, and concepts to the development, maintenance, and implementation of information security standards, procedures, and guidelines.
• Perform security research analysis and contribute to the design of all client computing systems and the network infrastructure.
• Contribute to the implementation and documentation of formal security programs and policies throughout the program and monitors compliance to these policies and programs.
• Conduct technical aspects of internal security audits and investigations.
• Maintain a library of security audit tools, and corresponding processes that can be used for system security testing, internal audits, incident response, and diagnosis of security-related system issues.
• Contribute to the creation, review, and adjudication of documentation, such as White Papers, Interface Control Document (ICD), System Requirement Document (SRD), Software Design Descriptions (SDDs), Software Test Plans (STPs), Software Test Descriptions (STDs), Software Test Reports (STRs), power point packages containing proposed design info, configuration changes for major security infrastructure platforms, information system authorization/accreditation packages, and various proposed test cases.
• Perform vulnerability assessments and Certification and Accreditation (C&A) activities (e.g., DoD, RMF).
• Implement security controls in networking devices databases, operating systems, hardware, and software components.
• Administer IA Vulnerability Alerts (IAVA), and security Plan of Action and Milestones (POA&M) mitigations through timely assessment of IAVA notices and POA&M corrective actions.