Senior Information Security Analyst

About The Position

Requirements

• Education: BS in Computer Science, Information Systems, Engineering, or other related scientific or technical discipline
• 10+ years experience relevant to Security Operations
• Strong experience with Agile Practices
• Excellent written and verbal communication skills
• Experience with Reporting – End of Life, EOL< and exploits (exploit reporting requires technical background to manage data, understand scanning system and output, etc)
• Experience with impact assessments
• Familiarity and experience with FISMA systems and NIST controls and support on how to implement them; familiarity with all the NIST A&A documents and how to use them
• Familiarity with networking, operating system, and middleware builds (configuration baselines)
• Familiarity with CLOUD and FISMA processes (i.e. customer control matrices, security tools and options)
• Familiarity with DHS Binding Operational Directives

Nice To Haves

• USPTO experience preferred
• ITIL-related certifications, project management certifications are a plus
• Regex for understanding / editing scan signatures
• Scripting for Linux
• Tenable, DBProtect, HP WebInspect
• CSAM, the official cybersecurity repository
• Network operations and security (Juniper, Cisco, F5, etc)
• IPv6
• Certificates / PKI Implementation
• Web security secure architecture
• Database security: Oracle, MySQL, Microsoft SQL Server, NoSQL DB's
• Windows Operating System security

Responsibilities

• Perform duties of Security Operations Specialists
• Produce high quality contractual and customer-required deliverables on time with minimal errors
• Monitoring security systems and responding to alarms and incidents in a timely SLA-based manner. This may include End of Life and exploits reporting, FISMA reporting, generating reports of analysis and discrepancies from background processes, log files, bath systems, scheduled production reports and/or workflow logs
• Analyzing assorted tool output in order to support implementation of Operations Security, concerning vulnerabilities, POA&M progress, and other activities
• Assisting in communicating on operational status, establishing communication plans, and providing written and oral communication across technical, executive, leadership, and customer audiences
• Providing support of Operations Security and Remediation Team's role – providing technical advice and NIST based information on assurance governance guidance
• Providing technical support for annual Authorization & Accreditation (A&A) security assessments
• Analyzing vulnerability and compliance scans for false positive identification and evaluate in terms of operations system data
• Track and establish root cause of vulnerabilities that are not resolved in a timely manner
• Review/Update/Create system security configuration baselines
• Support incident response activities, tracking, identifying host owners, and coordinating information with other internal teams
• Help define and prioritize actionable timely recommendations for addressing compliance and vulnerability issues for network, operating systems, middleware, databases and applications

Benefits

• Company-supported medical, dental, vision, life, STD, and LTD insurance
• Benefits include 11 federal holidays and PTO
• Eligible employees may receive performance-based incentives in recognition of individual and/or team achievements.
• 401(k) with company matching
• Flexible Spending Accounts for commuter, medical, and dependent care expenses
• Tuition Assistance
• Charitable Contribution matching