Information Assurance/Cyber Security Analyst-Senior (Vgtn001)

Engility Corporation Springfield , VA 22156

Posted 7 months ago

Position Description:

This position is within the Vanguard 2.2.1 program's Bureau of Diplomatic Security (DS), supporting assessment and authorization (A&A) of the DOS major applications. This position will require significant interaction with the DOS and contractor staff and with the DOS Information Assurance (IA) office. The work location Rosslyn, VA but may require CONUS travel for short trips.

Description of Duties:

  • Provide dedicated Liaison Support/Senior Analyst to provide direct support to AODR. Support to include tasks such as:

  • Conducting initial/precursory review of A&A related documentation prior to AODR review

  • Supporting RMF steps 1-6

  • Providing Templates development and maintenance support

  • Providing POA&M management support

  • Leading large/complex security assessments of customer systems, services, and programs.

  • Supporting and interacting with customers, at the highest levels, as well as providing oversight to less experienced staff.

  • Analyzing customer processes and configurations to verify that previously identified flaws have been corrected, and document the results.

  • Developing approaches for industry-specific threat analyses, application-specific penetration tests, and the generation of vulnerability reports.

  • Developing detailed remediation reports and recommendations for compliance and security improvements across industries based on changing threats.

  • Develop and update a consistent approach to information security programs and adherence with best practices.

  • Support will not be required to conduct assessments.

  • Support will not develop documentation.

Required Education/Experience:

Bachelor's degree in a related field and 8 years' experience or 12 years of equivalent related experience.

Required Experience/Skills/Attributes:

  • Experience assessing Federal information systems' compliance with the Federal Information Security Management Act (FISMA). Specifically, conducting independent security control assessments in accordance with NIST SP 800-53, 800-53A, CNSSI 1253, and the Risk Management Framework (RMF) described in NIST SP 800-37.

  • FedRAMP experience.

  • Clearly articulate requirements and other information in written documentation and effectively communicate technical and non-technical concepts to a variety of audiences.

  • Broad understanding or knowledge of risk management practices and security program development including change management, access control, and physical security.

  • Direct experience involving configuration, deployment, and administration of network appliances, operating systems, and databases.

  • Demonstrated excellent technical skills in one or more focus areas (i.e. networking, messaging support (Exchange), Active Directory, system administration, etc.).

  • Demonstrated strong organizational and time-management skills: multitasking, working individually and with a team, having a positive attitude, being self-motivated and reliable, being trustworthy, having strong interpersonal and diplomatic skills, and being able to handle stress in a professional manner.

  • Proficiency with Microsoft Office.

Desired Experience/Skills/Attributes:

  • Three plus years of Xacta experience is highly desired

  • ISC2 Certified Authorization Professional (CAP).

  • Hands-on experience with and knowledge of IT security architecture and design (e.g., firewalls, intrusion detection systems, virtual private networking, virus protection technologies, LAN/WAN design, and/or general internetworking technologies).

  • Experience with one or more information security frameworks such as SAS70/SSAE No. 16, PCI, NERC CIP, Nuclear Energy Institute (NEI) 0809, HIPAA, GLBA, SOX, etc.

  • Broad understanding of risk management practices and security program development including change management, access control, and physical security.

  • Broad IP network and security engineering experience including a basic understanding of IP routing, quality of service mechanisms, MPLS, and IPsec architectures.

  • Hands on experience configuring, deploying, and managing mission critical network appliances such as routers, firewalls, IDS/IPS, DPI, etc.

  • Hands on system administration experience with various operating systems including Windows, AIX, BSD, z/OS, RHEL, SUSE, HPUX, QNX, etc.

  • Hands on system administration experience with DB2, MS SQL, Oracle, Sybase, etc.

  • Experience with various programming languages.

  • Experience with system development lifecycles (SDLCs).

  • Experience with change management processes.

  • Have a Security certification and actively working towards the CISSP.

Clearance Requirement:

Fully adjudicated Top Secret clearance in order to start


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Mid Information Security Analyst

Lunarline

Posted Yesterday

VIEW JOBS 2/19/2020 12:00:00 AM 2020-05-19T00:00 <table border="0" cellpadding="0" cellspacing="0" style="width:100.0%;" width="100%"> <tbody> <tr> <td style="width:12.5%;">Title:</td> <td style="width:87.5%;">Cybersecurity Analyst</td> </tr> <tr> <td style="width:12.5%;">Location:</td> <td style="width:87.5%;">On client site in Springfield, VA</td> </tr> <tr> <td style="width:12.5%;">Salary:</td> <td style="width:87.5%;">DOE</td> </tr> <tr> <td style="width:12.5%;">Clearance:</td> <td style="width:87.5%;">TS/SCI</td> </tr> </tbody> </table>  <br /> Lunarline is looking for a Cybersecurity Analyst to work in the office that collects, assesses, manages, and submits relevant information for all mandated cybersecurity reports.  <br />  <br /> <strong>Duties and Responsibilities:</strong> <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Analyze the client system security.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Complete DoD scorecards on required deadlines</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Conduct gap and trend analysis as needed utilizing enterprise monitoring tools.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Determine enterprise information security standards.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Assess the effectiveness of the agency’s information security and privacy policies, procedures, and practices.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Evaluate the effectiveness of agencies’ information security and privacy programs and practices in accordance with FISMA and other regulations organized around the five information security functions outlined in the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework): Identify, Protect, Detect, Respond, and Recover.</li> </ul> <strong>Skills and Qualifications:</strong><br /> Required <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Minimum of 3 years’ experience in assessments, scanning, and consulting.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Ability to comprehend and provide feedback on data received from scanning tools such as ACAS to identify vulnerabilities and/or concerns with security posture.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Applicable knowledge of FISMA, NIST RMF, and NIST SP 800-series publications.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Exposure to Software Development Lifecycle (SDLC) as it relates to Information Security/Information Assurance.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Experience gathering/compiling information for DoD scorecards and providing insight on compliance trends.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Self-motivated and able to work in an independent manner or as part of a team.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Able to write and talk about technical security issues in a clear, concise manner.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Exceptional organizational and planning skills.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Able to work in a fast-paced, deadline-driven environment.</li> </ul> Desired <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Security Center, Nessus Log Correlation Engine, CIS Benchmarks, Web Inspect Vulnerability Scans or XACTA, HBSS, Tanium, ServiceNow, Splunk.<a name="CurrentCursorPosition"></a></li> </ul> <strong>Education: </strong> <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Bachelor’s degree in Computer Sciences, Information Systems, Mathematics, Engineering (Electrical, Computer, Mechanical) or related field.</li> </ul> <strong>Certifications: </strong> <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">The following certifications (one or more is required): CAP, CASP, CISM, CISSP, or GSLC.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">The following certification(s) are preferred: Lunarline, Inc. School of Cybersecurity “Certified Expert” certification(s), CCNA Security, CySA+, GICSP, GSEC, Security+ CE, or SSCP.</li> </ul> Lunarline Springfield VA

Information Assurance/Cyber Security Analyst-Senior (Vgtn001)

Engility Corporation