Information Systems Security Analyst

About The Position

Requirements

• Four (4) years of experience in Cybersecurity
• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field required
• DOD 8570 IAT II certifications required (Security+ or equivalent)
• Active Secret, Top Secret, or TS/SCI clearance required
• Expert knowledge of cybersecurity principles, threats, vulnerabilities, and risk management processes
• Proficiency with encryption algorithms (IPSEC, AES, GRE, IKE, MD5, SHA, 3DES)
• Experience with data backup and recovery concepts, tools, and disaster recovery planning
• Strong knowledge of host/network access control mechanisms (ACLs)
• Experience with incident response and handling methodologies
• Proficiency in intrusion detection methodologies and network traffic analysis methods
• Expert knowledge of network protocols (TCP/IP, OSI model)
• Experience identifying and mitigating system and application security threats (buffer overflow, cross-site scripting, SQL injection)
• Knowledge of security architecture concepts and enterprise architecture reference models
• Understanding of national and international cybersecurity laws, regulations, policies, and ethics
• Knowledge of current and emerging threats, threat vectors, and enterprise incident response programs
• Experience with penetration testing principles, tools, and techniques
• Strong computer networking knowledge including protocols and security methodologies
• Experience with system performance and availability monitoring
• Knowledge of system software and organizational design standards (ISO guidelines)
• Understanding of system life cycle management principles including software security and usability
• Experience with system/server administration and systems engineering concepts
• Proficiency with server and client operating systems
• Knowledge of network security architecture concepts (topology, protocols, defense-in-depth)
• Experience with network systems management principles and tools
• Proficiency in system administration, network, and operating system hardening techniques
• Knowledge of cloud computing service and deployment models (SaaS, IaaS, PaaS)
• Experience with cloud security strategy and architecture
• Understanding of data security standards (PII, PCI, PHI)
• Knowledge of information security program management and project management principles
• Understanding of resource management principles and risk management processes
• Experience with secure acquisitions, procurement, and supply chain risk management
• Knowledge of IT supply chain security and risk management
• Understanding of applicable laws, statutes, Presidential Directives, and guidelines related to cybersecurity and privacy
• Knowledge of organizational risk tolerance and risk management approaches
• Understanding of critical IT procurement requirements

Responsibilities

• Apply cybersecurity principles, threat analysis, vulnerability assessment, and risk management processes to protect government information systems
• Implement and manage encryption algorithms including IPSEC, AES, GRE, IKE, MD5, SHA, and 3DES
• Develop and maintain data backup and recovery procedures and disaster recovery/continuity of operations plans
• Configure and manage host/network access control mechanisms including Access Control Lists (ACLs)
• Conduct incident response and handling activities following established methodologies
• Perform intrusion detection, network traffic analysis, and security monitoring
• Analyze system and application security threats and vulnerabilities including buffer overflow, cross-site scripting, and SQL injection attacks
• Design and implement security architecture using enterprise architecture reference models
• Ensure compliance with national and international cybersecurity laws, regulations, policies, and ethics standards
• Monitor current and emerging threats and threat vectors to proactively defend against attacks
• Conduct penetration testing using industry-standard principles, tools, and techniques
• Perform system administration, network hardening, and operating system security configuration
• Implement and manage cloud security controls for SaaS, IaaS, and PaaS environments
• Protect sensitive data including PII, PCI, and PHI in accordance with data security standards
• Support information security program management and risk management processes
• Participate in secure acquisitions and IT supply chain security activities