Information Security Analyst-Senior (RMF)

About The Position

Requirements

• A DOD Top Secret Security Clearance with DCID 6/4 eligibility
• Current DOD 8570 IAT Level II certification
• 4-6 years’ experience in Cybersecurity (Information Assurance) compliance and vulnerability testing
• Experience with COTS/GOTS/DOD CS Tools for security analysis and network scanning
• Vulnerability tool administration and execution
• Proficient with MS Office products
• Exceptional organizational, presentation and communication skills (verbal and written)
• Excellent listening and comprehension skills. Ability to extract and clearly articulate key concepts and requirements from verbal discussions, documentation and transcripts
• Familiar with handling and marking of classified information
• Familiarity with Security policies governing the storage of, access to, and transmittal, of classified information
• Must be self-starter, self-managed, responsive and dedicated, with a proven track record of exceptional performance, high productivity and meeting deadlines
• Must have customer service and team player skills
• Must maintain high levels of initiative and think outside the box
• Able to develop innovative methods to solve challenging problems with available manpower and tools
• Flexible, able to maintain a positive attitude in a fast-paced constantly changing environment
• Ability to work cooperatively and proactively with personnel at various levels within the organization

Nice To Haves

• Military background and experience with SOF
• Application security
• Software programming experience
• Current DOD 8570 IAT III certification
• B.S. or M.S. in Computer Science, Information Security, Mathematics, or IT related field

Responsibilities

• Ability to identify systemic security issues based on the analysis of vulnerability and configuration data
• Reconcile customer requirements within acceptable risks determined by DOD policies, command policies and generally accepted practices.
• Make recommendations for tools and processes to improve CS initiatives.
• Knowledge of Risk Management Framework (RMF) requirements
• Respond to daily inquiries via email, phone, or in-person from organization members
• Demonstrate appropriate discretion when handling classified/sensitive information
• Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems
• Knowledge of new and emerging information technology (IT) and information security technologies
• Knowledge of system lifecycle management principles, including software security and usability
• Conduct continuous analysis to identify network and system vulnerabilities
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
• Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions
• Knowledge of server administration and systems engineering theories, concepts, and methods
• Administer, operate, and maintain multiple vulnerability management servers/applications and RMF web database tool

Benefits

• healthcare
• wellness
• financial
• retirement
• family support
• continuing education
• time off benefits