Sr. Information Security Analyst

About The Position

Requirements

• 8+ years experience in information security.
• Bachelor’s degree in a related field. Additional years of experience may be substituted for degree requirements.
• Must be CISSP certified.
• Proven expertise in the design and construction of Sensitive Compartmented Information Facilities (SCIFs).
• Strong knowledge of Air Force, DoD and applicable Federal Cybersecurity Directives and Instructions.
• Able to work dynamically and effectively with people on projects (formal and informal) and conduct technical interchanges as required.
• Must have strong customer service and communication skills.
• Able to work in a team environment and interact with all levels of an organization in a professional manner.
• Keen attention to detail.
• Must be a US citizen and hold a current Top Secret clearance with SCI Access (TS/SCI).

Responsibilities

• Perform oversight of the development, implementation, and evaluation of information system security program policy.
• Perform analysis of network security, based upon the ICD 503, DCID 6/3 Appendix E, DITSCAP, DIACAP, JSIG, and/or NISPOM Chapter 8; advise customer on IT certification and accreditation issues.
• Perform risk assessments and make recommendations to customers.
• Review system security to accommodate changes to policy or technology.
• Develop and maintain a formal Information Systems Security Program.
• Develop, review, endorse, and recommend action by the designated approval authority (DAA) of system certification documentation.
• Conduct certification tests that include verification that the features and assurances required for each protection level are functional.
• Coordinate AIS security inspections, tests, and reviews.
• Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system.
• Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local AIS security training.
• Ensure that security testing and evaluations are completed and documented.
• Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed.
• Assess changes in the system, its environment, and operational needs that could affect the accreditation.
• Conduct periodic testing of the security posture of the AIS.
• Ensure configuration management (CM) for security-relevant AIS software, hardware, and firmware are properly documented.
• Ensure that system recovery processes are monitored to ensure that security features and procedures are properly restored.
• Ensure that system security requirements are addressed during all phases of the system life cycle.
• Participate in self-inspections; identify security discrepancies and report security incidents.
• Provide expert research and analysis in support of expanding programs and area of responsibility.