Mid-Level IT Security Analyst
- Military veterans preferred
2020-02-12 SAIC (www.saic.com)
Vienna Virginia 22182 United States
• Facilitate meetings with contractor, Agency and third-party contractor staff to support A&A-related engagements.
• Track artifact and meeting requests and provide status reports on outstanding items to Agency staff.
• Coordinate with contractor and Agency staff to provide requested artifacts for A&A-related engagements in a timely manner.
• Review artifacts provided by contractor staff to ensure requested information has been properly provided and meets appropriate security/privacy requirements.
• Coordinate vulnerability remediation efforts with contractor and Agency staff in order to remediate findings within specified deadlines.
• Review policies and procedures for compliance with applicable standards and identify areas of improvement for finding remediation.
• Identify key stakeholders in A&A efforts and ensure system documentation reflects current system security configurations, including hardware and software components, data flow, interconnections, and ports, protocols, and services, etc.
• Identify potential risks associated with system configurations and advise on mitigation strategies.
• Participate in A&A status meetings and facilitate moving systems toward a successful A&A effort.
• Assist customer program offices in interpreting and applying mitigation strategies.
• Review documentation to ensure compliance with Federal cybersecurity requirements.
• Conduct thorough reviews of all vulnerabilities, architecture, and defense-in-depth strategies and report findings in the POA&M document to the ISSO.
• Maintain cybersecurity procedures and processes as assigned.
• Able to analyze, interpret, and apply Federal cybersecurity guidance to customer needs.
• Communicate the security posture of systems through the designated reporting mechanism.
EDUCATION AND EXPERIENCE: Bachelor's degree and five (5) years or more experience; Master's and three (3) years or more experience; PhD and 0 years related experience.
• 5+ years of experience in the following areas: cybersecurity policy, procedures, and processes, including RMF, NIST 800-53 and A&As
• Experience using Microsoft Office (Word, Excel, Visio, PowerPoint, MS Project) and MS SharePoint
• Experience developing A&A documentation from scratch and performing assessments; RMF step 1 through 4
• Experience supporting ISSOs or acting as one
• Familiar with NIST publications, specifically RMF and NIST controls
• Familiar with defense-in-depth and other information security and assurance principles and associated supporting technologies
• Excellent customer service and organization skills
• Excellent oral and written communication skills
• Must be able to review artifact and meeting requests and determine correct contractor personnel based on requested information
• Must be highly organized and detail oriented
• Must be able to take initiative and work independently or as a member of a team
• Must demonstrate proficiency in the following areas: multi-tasking, critical thinking, and the ability to work quickly, efficiently and accurately in a dynamic and fluid environment
Clearance: Individual must have a current Public Trust clearance or be able to obtain a Public Trust clearance.
Bachelor's degree in IT, Cyber Security, Computer Science or related field preferred.
• Experience working with Security engineering to review Nessus Vulnerability / Tripwire compliance scans
• Experience performing on-site cybersecurity assessments using standards such as CIS Benchmarks, DISA STIGs, etc.
• Broad technical experience related to IT operations, networks, OSes, and system administration
One or more of the following certifications preferred (Security+, CAP, CISSP, CISM, GSEC, GCIH, or GSLC)