Information Security Analyst

DecisionPoint•Portsmouth, VA

1d•Onsite

About The Position

DecisionPoint Corporation is seeking an Information Security Analyst to support the Norfolk Naval Shipyard (NNSY) IT Support Services contract. NNSY’s mission is to safely return warships to the Fleet on time and within budget, supported by secure and reliable information systems. This position is fully on-site. Duties & Responsibilities Apply computer security (CS) and information security (INFOSEC) concepts, principles, and requirements to protect enterprise IT systems and data. Conduct system and network vulnerability analyses to identify security weaknesses and recommend corrective actions. Perform risk assessments and risk mitigation analyses to reduce threats and vulnerabilities to acceptable levels. Support and execute Security Test and Evaluation (ST&E) activities to validate system security controls and compliance. Develop, maintain, and support contingency planning activities, including backup, recovery, and continuity of operations. Configure, implement, and maintain firewall policies in accordance with security requirements and approved configurations. Manage and assess network ports and protocols to ensure secure and authorized communications. Perform day-to-day Vulnerability Remediation Asset Management (VRAM) activities to track, prioritize, and resolve identified vulnerabilities. Enter and maintain system baseline configurations in VRAM by uploading and validating vulnerability scan results from representative baseline systems. Utilize cyber security tools and applications, including ACAS, HBSS, Microsoft Defender for Endpoint (MDE), Microsoft Defender for Identity (MDI), and Splunk, to monitor, analyze, and remediate security events. Apply expert-level institutional knowledge and a minimum of four (4) years of experience supporting mission-critical procedures, systems, and processes related to Information Technology and Cybersecurity requirements. Ensure compliance with cybersecurity requirements defined by applicable public laws, national policies, DoD and Department of the Navy (DoN) guidance, including FISMA, DoDD 8100.02, DoDI 8500.01, DoDI 8520, DoDI 8530, DoDI 8531, SECNAVINST 5239 series, OPNAVINST 5239 series, and NIST Special Publication 800 series. Apply expert knowledge of and experience with the requirements outlined in OPNAVINST N9210.3, Safeguarding Naval Nuclear Propulsion Information. Maintain full qualification in accordance with DoD 8570.01-M requirements.

Requirements

Active Top Secret clearance.
Bachelor’s degree in an IT-related discipline or a Level II Certification (CompTIA Security+ or higher) with a minimum of four (4) years of experience performing Computer Security (CS) analysis.
Demonstrated experience supporting cyber metrics analysis and reporting.
Experience conducting incident response and mitigation activities.
Experience performing risk mitigation analysis and developing corrective action recommendations.
Experience developing and supporting contingency plans to ensure system resilience and continuity of operations.

Responsibilities

Apply computer security (CS) and information security (INFOSEC) concepts, principles, and requirements to protect enterprise IT systems and data.
Conduct system and network vulnerability analyses to identify security weaknesses and recommend corrective actions.
Perform risk assessments and risk mitigation analyses to reduce threats and vulnerabilities to acceptable levels.
Support and execute Security Test and Evaluation (ST&E) activities to validate system security controls and compliance.
Develop, maintain, and support contingency planning activities, including backup, recovery, and continuity of operations.
Configure, implement, and maintain firewall policies in accordance with security requirements and approved configurations.
Manage and assess network ports and protocols to ensure secure and authorized communications.
Perform day-to-day Vulnerability Remediation Asset Management (VRAM) activities to track, prioritize, and resolve identified vulnerabilities.
Enter and maintain system baseline configurations in VRAM by uploading and validating vulnerability scan results from representative baseline systems.
Utilize cyber security tools and applications, including ACAS, HBSS, Microsoft Defender for Endpoint (MDE), Microsoft Defender for Identity (MDI), and Splunk, to monitor, analyze, and remediate security events.
Apply expert-level institutional knowledge and a minimum of four (4) years of experience supporting mission-critical procedures, systems, and processes related to Information Technology and Cybersecurity requirements.
Ensure compliance with cybersecurity requirements defined by applicable public laws, national policies, DoD and Department of the Navy (DoN) guidance, including FISMA, DoDD 8100.02, DoDI 8500.01, DoDI 8520, DoDI 8530, DoDI 8531, SECNAVINST 5239 series, OPNAVINST 5239 series, and NIST Special Publication 800 series.
Apply expert knowledge of and experience with the requirements outlined in OPNAVINST N9210.3, Safeguarding Naval Nuclear Propulsion Information.
Maintain full qualification in accordance with DoD 8570.01-M requirements.