IT Security Analyst
Required Clearance: Active Secret
The Security Analyst will fill one of the roles of the Enterprise Information System Security Officer (ISSO) and Technical Expert in support of a Federal Agency CISO, providing support by:
- Demonstrating experience as an ISSO supporting major Federal systems/applications
- Experience developing, tracking, and managing POA&Ms
- Experience developing system/application Security Authorization documentation (SSP, CP, CPT, CMP, SAR)
- Ability to perform comprehensive systems assessments to identify vulnerabilities and risks, including providing reporting on assessment results as well as risk mitigation and remediation recommendations and plans.
- Communicate known security risks and solutions to mitigate risks to management and operational staff as needed.
- Serve as a Security expert on application development, database design, network and/or platform projects, helping project teams comply with security requirements specified by OMB Circular A-123, FISMA and NIST Guidance.
- Participate in network architecture reviews and develop detailed security requirements and design plans.
- Responsible for the configuration of security controls to ensure the safety of information systems assets and to protect from unauthorized access or intentional destruction.
- Recommend and schedule fixes, security patches, disaster recovery procedures and other required measures in the event of a security breach
- Knowledge or experience with SharePoint, Mobile, Citrix, and Cloud Technologies
- Keep current with emerging security trends, issues, and alerts
- Excellent verbal and written communication skills
Preferred Skills:
- Strong technical expertise in the understanding of network/system architecture and design
- Understanding of scripting or programming languages as they relate to analyzing security data
- Ability to utilize security tools (e.g. Nessus) to perform risk/vulnerability assessments
- Ability to develop and recommend risk-based decisions regarding the implementation and use of custom/commercial software/hardware products
Required Education:
- Bachelor's degree or higher
- At least one IT Security Certification (e.g. Security+, CAP, CISSP, CEH, GSEC)
Required Years of Experience:
- 5+ years