Full Time Employee
Senior Information Security Analyst (Job Number:422118)
- As part of the Security Architecture Team providing direct support to the agency CISO, performs analysis of systems, programs, and/or planning activities.
- Duties include the development of policies, procedures, and other technical documentation, and the planning and execution of new initiatives, to support and enhance the agency's information security program.
- Duties may also include the design, development, and coordination of relationships and solutions to resolve problems within the specialty area.
- The position requires substantial knowledge of advanced theory and current practices in information security utilizing analytical skills.
- Support risk analyses on existing and to-be Web/application/database services, and the infrastructure/architectures supporting them
- Document and present findings
- Apply threat modeling concepts (Decomposition and threat and vulnerability discovery)
- Assist platform owners and design teams in applying the necessary security controls to mitigate associated risks
- Ensure appropriate security provisioning during varying phases of SDLC:
- Review business requirements and document security requirements for the information systems
- Ensure security standards are applied from design to UAT
- Assist in the performance of security impact analysis for each proposed change to the system’s configuration
- Assist in maintaining plan of actions and milestones (POA&Ms) and the remediation of identified weaknesses.
- Provide assistance in the development of security policies and procedures and also assist ensuring compliance with those policies and procedures.
- Provide assistance in developing and updating security artifacts
- Support agency operations involving information security auditing, monitoring and analysis
- Support agency response to vulnerability assessment results
- B.S. or B.A. in a technical field such as information/cyber security, computer science, information systems, or systems engineering
- Minimum eight (8) years relevant work experience
- Minimum of six (6) years information security work experience
Relevant Certifications (Not required, but preferred):
- Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP)
- Cloud security certification, such as Certified Cloud Security Professional (CCSP)
- Information risk management certification, such as CRISC (Certified in Risk and Information Systems Control)
- Broad understanding of security protections typical in enterprise environments, including security hardening, firewalls and input filtering, DMZ architectures and boundary/endpoint best practices
- Basic understanding of server, workstation, network, database and web technologies
- Familiarity with Cyber Security Assessment and Management (CSAM)
- Familiarity with Security Information and Event Management (SIEM) tools
- Familiarity with JIRA workflow development
- Familiarity with static and dynamic security testing tools (e.g., AppScan Source and AppScan Standard)
- Experience with application of NIST Risk Management Framework (SP 800-37)
- Proactive and aggressive, functions with little guidance, but also functions well in team environment
- Minimum of three (3) years Security standards and frameworks
- Project Manager – Practitioner
- Minimum of three (3) years of Cybersecurity Consulting
- Minimum of three (3) years of Information Security Assessment
- Minimum of one (1) year Security Development Lifecycle
- Minimum of one (1) year of Federal Information Security Management Act (FISMA)
SAIC Overview:SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC provides systems engineering and integration offerings for large, complex projects. Headquartered in McLean, Virginia, SAIC has approximately 15,000 employees and annual revenues of about $4.3 billion.
EOE AA M/F/Vet/Disability
Job Posting: Sep 23, 2016, 5:44:39 PM
Primary Location: United States-MO-KANSAS CITY
Clearance Level Must Currently Possess: None
Clearance Level Must Be Able to Obtain: Public Trust
Potential for Teleworking: No
Shift: Day Job
To apply for this job, contact: