Cyber Security Policy Analyst

Chickasaw Nation Industries Altoona, PA 16602

Posted 3 months ago

Overview

The Cybersecurity Engineer provides support to the Department of Health and Human Services (HHS), Program Support Center (PSC), Defense Security Cooperation Agency (DSCA), Information Technology (IT) Division, Software Assurance and Security Engineering, Systems Security Architecture, Assessment and Authorization and Information Systems Security Manager. This position performs cybersecurity compliance of the program, organization, system, or enclave and provides assistance in developing and writing/coding new (or modifying existing) computer applications, software, or specialized utility programs following software assurance best practices.

The analyst provides continuous active monitoring of systems across several locations:

  • Provide analysis and trending of security log data from a large number of heterogeneous security devices.

  • Provide threat and vulnerability analysis as well as security advisory services.

  • Provide Incident Response (IR) support when analysis confirms an actionable incident.

  • Ability to identify possible malware risks and help resolve any current system infections.

  • Ability to write reports based on findings for previous security breaches and threats.

  • Investigate, document, and report on information security issues and emerging trends.

  • Prior Security Operations Center experience is a plus.

We seek personnel who have knowledge of coding and TCP/IP (both necessary to the success of our program), while also ensuring those individuals have the proper skillsets necessary to fulfill roles within both Incident Response and our Secure Configuration Management (Vulnerability Management) space.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Essential duties and responsibilities include the following. Other duties may be assigned.

Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge / quality of work, supporting financial goals of the company, initiative / motivation, cooperation / relationships, problem analysis / discretion, accomplishing goals through organization, positive oral / written communication skills, leadership abilities, commitment to Affirmative Action, reliability / dependability, flexibility and ownership / accountability of actions taken.

Completes and submits a Project Plan identifying how to execute the tasks, who will complete each task, and a timeline of completion for each task.

Provides analysis and trending of security log data from a large number of heterogeneous security devices.

Provides threat and vulnerability analysis as well as security advisory services.

Provides Incident Response (IR) support when analysis confirms an actionable incident.

Investigates, documents, and reports on information security issues and emerging trends.

Provides a comprehensive risk management plan to address, identify, assess, and provide prioritization of risks (including how risks will be recorded, reported, and mitigated). Monitors the plan and provides updates to the Project Manager.

Assists with coordinating an annual security awareness activity, generally held between June and November, intended to raise security awareness among users of DSCA-managed networks.

Provides operational risk management support for CS-managed systems including varying security classifications, architectures, mobile devices, Virtual Private Networks (VPNs) and other remote access architectures and technologies, including Secure Socket Layer (SSL)/Transport Layer Security (TLS).

Evaluates computer system and network security risks and determines methods to reduce, mitigate, or eliminate risk.

Identifies threats, vulnerabilities, and attacks, and then takes corrective action to minimize impact to system and network resources.

Provides Risk Assessment Reports to include the information security risk to organizational operations and assets, individuals, other organizations, or the Nation that derive from the operation and use of organizational information systems and the environments in which those systems operate.

Performs validation steps, comparing actual results with expected results and analyzes the differences to identify impact and risks.

Maintains and makes available to the customer a log of all security control validations performed, including dates, times, and names of personnel who performed the work.

Reports any anomalies, unapproved system configurations, incidents, and undesired activity to the appropriate staff for resolution. Documents all infractions and anomalies in a spreadsheet and performs a trend analysis.

Responsible to understand the process of identifying DSCA Category Common Security Controls and System Inheritances using the DoD Enterprise Mission Assurance Support System (eMASS) to automate Assessment and Authorization (A&A) for all DSCA authorized information systems. Identifies system and business function commonalities using reciprocity to establish relational inheritance and shared responsibility between systems.

Verifies and validates privacy requirements, category categorization, category hierarchy, system publishing by category, and Cloud security control workflow and approval chain for DSCA authorized information systems.

Evaluates proposed changes for potentially adverse effects on the security posture of the CS-managed IT environment.

Participates in the CS change management process. Participation includes attending the weekly Enterprise Change Control Board (ECCB) meetings, reviewing Requests for Change (RFCs) distributed in email, and performing risk assessments on hardware and software. Makes determinations of the risk to confidentiality, integrity, availability, and accountability.

Assesses system vulnerabilities with respect to the documented threat, ease of exploitation, potential rewards, and probability of occurrence.

Reviews new IT policies, standards, procedures, guidelines and unexpected/unintended configuration changes. Reports any unapproved configuration changes.

Provides assistance in developing and writing/coding new (or modifying existing) computer applications, software, or specialized utility programs following software assurance best practices.

Assists with implementation of DoD enterprise-wide cybersecurity solutions that establish automated risk mitigation, security content management, and security state analysis.

Analyzes user needs and software requirements to determine feasibility of design within time and cost constraints.

Applies defensive functions (e.g., encryption, access control, and identity management) to reduce exploitation opportunities of supply chain vulnerabilities.

Compiles and writes documentation of program development and subsequent revisions, inserting comments in the coded instructions so others can understand the program.

Designs countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities in system and elements.

Develops system concepts and capability phases of the systems development lifecycle. Translates technology and environmental conditions into system and security designs and process.

Defines and documents how the implementation of a new system or new interface between systems impacts the security posture of the current environment.

Defines and prioritizes essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event.

Evaluates the interface between hardware, software, and operational and performance requirements of the overall system.

Identifies and prioritizes critical business functions in collaboration with organizational stakeholders.

Identifies the protection needs of information systems and networks and documents appropriately. Provides advice on project costs, design concepts, or design changes.

Monitors, validates, and reports that all DSCA authorized information systems data are visible, available, and usable. Tags all data with metadata to enable discovery. Posts all data to shared spaces to provide access to all users except when limited by security, policy, or regulations.

Assists in establishing external vulnerability scans for assistance in the protection of a mission owner's data.

Provides Web Vulnerability Scans (WVS) to assist in complying with public facing web presence and protecting DoD demilitarized zone (DMZ) whitelisted web sites; Intrusion assessments; malware protection implementation; Information Security Continuous Monitoring (ISCM); Cyber Incident Handling; User Activity Monitoring (UAM) for DoD Insider Threat Program.

Maintains System Lifecycle Support Plans, Information System Concept of Operations (CONOPS), Information System Operational Procedures, Information System Maintenance Training Materials, DSCA Enterprise-Wide Contingency Plan documents.

Assists with writing and maintaining a Cybersecurity Threat Plan to include Vulnerability Management, Cyber Threat Intelligence, Analytics Monitoring, Mitigation and Response, Lessons Learned and Action Plan.

Protects all proprietary information. Refrains from using the information for any purpose other than that to which it was furnished. Immediately discloses knowledge of any prohibited or attempted use of proprietary information.

A minimum of 15% travel may be required to support activities.

Responsible for aiding in own self-development by being available and receptive to any training made available by the company.

Plans daily activities within the guidelines of company policy, job description and supervisor's instruction in such a way as to maximize personal output. Responsible for aiding in own self-development by being available and receptive to all training made available by the company.

Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and coworkers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions to the best of own ability.

EDUCATION/EXPERIENCE REQUIRED

Bachelor's degree in Computer Science or a related field of study and a minimum of ten (10) years' relevant experience, or equivalent combination of education / experience. Five (5) years' experience in managing IT projects or programs focused on interpreting and applying DoD CS policy and guidance to operational DoD IT environments.

Prior Security Operations Center experience a plus. Demonstrated experience monitoring application and system security configurations and auditing IT systems and networks for compliance. Experience with Red Hat Linux Enterprise OS, Current UNIX OS, VMWare security, Oracle Database Security, MS SQL Database Security, MS Access Database Security, and Host Based Security System (HBSS).

Demonstrated skills and experience in at least 8 of the following 15 areas of expertise:

(1) Current Microsoft server and workstation OS security configurations

(2) Current Red Hat Linux Enterprise OS security configurations

(3) Current Unix OS security configurations

(4) Current Microsoft server and desktop application security

(5) VMWare security

(6) Database security (e.g. Oracle, MS SQL, and MS Access)

(7) Border device security (e.g. firewall, VLANs, IP Sub-Netting, Ports, and Protocols)

(8) Encryption standards

(9) Vulnerability scanning using approved DoD scanner

(10) Application code scanning with Fortify or other industry standard product

(11) HBSS monitoring

(12) Auditing (e.g. system accounts, security logs, system and network anomalies)

(13) Working knowledge of DoD Components

(14) Metrics capture and documentation

(15) Technical writing of technical documents and user training materials

CERTIFICATES / LICENSES / REGISTRATION

JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES

Knowledge of the MS Office Suite applications Outlook, Word, Access, and PowerPoint, and of Excel to perform data evaluation, formulas, and analytics

Specialized knowledge and advanced skills in the tools, concepts, practices and procedures of security incident management, threat intelligence and continuous monitoring

Knowledgeable of security-related processes with respect to Federal risk and compliance regulations best practices

Ability to identify possible malware risks and help resolve any current system infections

Ability to write reports based on findings for previous security breaches and threats

Ability to read, analyze, develop and interpret common information systems security documents

Expert computer skills with advanced proficiency in a Windows and Linux based computer environment

Excellent critical thinking skills with ability to identify, analyze and resolve problems / complex issues

Excellent verbal and written communications skills with ability to prepare quality reports and effectively communicate / interact with a wide variety of technical and non-technical audiences (i.e., customers, team members, management and federal staff)

Exceptional customer service skills with ability to respond to requests in a professional, helpful and timely manner

Highly organized with ability to effectively manage multiple projects and priorities

Ability to work in a fast-paced environment and to learn and apply new knowledge and techniques related to incident response and continuous monitoring capabilities

Ability to effectively work both independently and in a team environment for the successful achievement of goals

LANGUAGE SKILLS

Ability to read, analyze and interpret common scientific and technical journals, financial reports, and legal documents. Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community.

Ability to write speeches and articles for publication that conform to prescribed style and format. Ability to effectively present information to top management, public groups, and/or boards of directors.

MATHEMATICAL SKILLS

Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference and volume. Ability to apply concepts of basic algebra and geometry.

REASONING ABILITY

Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job.

Work is primarily performed in an office environment. Regularly required to sit. Regularly required to use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls.

Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds.

Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers, printers and light traffic.
