Information Security Analyst
PPC / DSA McLean, Virginia
Our client is seeking an Information Security Analyst with strong data analysis skills and the capability of utilizing, MS Access, Excel and SQL to perform said analysis. This is a great opportunity for a mid-level analyst who would like to move into a stronger, more hands-on Information Security role.
The candidate will also possess in-depth knowledge of applying, selecting and testing the NIST family of security controls.
The Information Security Analyst will be part of a small team responsible for supporting the development and maturation of an Agency-wide information security program for a large civilian Federal agency.
The Information Security Analyst will be responsible for a variety of tasks including but not limited to:
- Maintaining a vulnerability management process for the Agency,
- Coordinating data calls (FISMA, FMFIA, BDR, etc.) and monthly reports. CyberScope experience a plus.
- Managing InfoSec Program POA&Ms,
- Auditing POA&Ms,
- Analyzing vulnerabilities, POA&Ms and other findings,
- Providing administrative support to Telos Xacta IAM and/or RSA Archer users, and
- CDM implementation and support
The information security analyst will primarily use Agency provided tools such as Xacta (Risk Management Framework support tool), CSAM, or RSA Archer to track and reconcile findings from the system assessments, audits, and vulnerability scans.
Additionally, the Information Security Analyst will support other security program functions such as audit efforts, continuous monitoring, risk management and responding to ad hoc data calls.
The ideal candidate will possess a strong technical background with practical experience identifying and implementing remediation measures for system vulnerabilities and a desire to be involved in the establishing and maturing an Agency-wide information security program.
- US Citizenship
- 4-years or more of relevant job experience
- Written and oral communication skills including the ability to communicate complex technical issues to non-technical staff
- Experience applying, analyzing and assessing information systems and security controls (NIST SP800-53, Revision 4),
- Understanding of attack vectors and methodologies
- Knowledge of and experience with applying Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS)
- Experience working with perimeter technologies (e.g., firewalls, proxies, NIDS) and vulnerability management tools
- Demonstrated ability to prioritize and manage competing work assignments in a time sensitive environment
- Ability to weigh business risks and enforce appropriate information security measures
- Experience with vulnerability management, patch management and configuration management best practices
- Experience working with Federal Information Security Management Act (FISMA) requirements, and National Institute of Standards and Technology (NIST) guidelines
Required Tool Experience
· MS Office Suite (Word/Excel/Visio/Outlook)
· MS Access
· MS SQL
Preferred Tool Experience
· FoundStone Vulnerability Scanner
· Security Content Automation Protocol (SCAP)
· Symantec Endpoint
· Telos Xacta IA Manager
· CDM Dashboard/RSA Archer
- Bachelor’ s degree
- CISSP, CISM or equivalent security certification
- Working knowledge of CMMI
- Working knowledge of ITIL