Information Security Analyst

Booz Allen Hamilton Inc. Bethesda , MD 20813

Posted 5 days ago

Job Description: Job Number: R0040008

Information Security Analyst

The Challenge:

Are you looking for an opportunity to combine your technical skills with big picture thinking to make an impact in health?

As an information security analyst on our team, you have the chance to implement Cybersecurity systems in support of a Department of Health and Human Services (HHS) client. You comprehend your customer's environment and how to leverage the right security tools for their mission. Your ability to translate real-world needs into technical specifications makes you an integral part of delivering a customer-focused security solution. Your technical expertise will be vital as you strengthen the client's security posture. You'll develop your skills in Cybersecurity and system administration while gaining experience with implementing and configuring new security tools. Grow your skills by merging console management and understanding of the client's infrastructure, database, and security environment to leave a lasting impact. Join our team and help turn Cybersecurity requirements into accomplishments that drive change.

Empower change with us.

Build Your Career:

When you join Booz Allen, you'll have the opportunity to connect with other professionals doing similar work across multiple markets. You'll share best practices and work through challenges as you gain experience and mentoring to develop your career. In addition, you will have access to a wealth of training resources through our Digital University, an online learning portal where you can access more than 5000 tech courses, certifications and books. Build your technical skills through hands-on training on the latest tools and tech from our in-house experts. Pursuing certifications? Take advantage of our tuition assistance, on-site courses, vendor relationships, and a network of experts who can give you helpful tips. We'll help you develop the career you want as you chart your own course for success.

You Have:

  • 2+ years of experience with performing threat and vulnerability assessments for civilian government agencies

  • Experience with managing and implementing Cybersecurity solutions using enterprise tools

  • Experience with technical security, incident handling, network vulnerability assessment, penetration tests, and risk mitigation

  • Ability to leverage security assessment tools, including Nessus, BigFix, and Splunk to perform system and application vulnerability assessments and recommend fixes and security enhancements for identified vulnerabilities

  • Ability to identify important security metrics, collect the data from various security software, and report analyses

  • Ability to work independently and is motivated to learn

  • Ability to successfully engage in multiple initiatives simultaneously

  • BA or BS degree and 3+ years of experience in a professional work environment

Nice If You Have:

  • Experience with using the Tripwire Enterprise console to track compliance requirements and changes made to systems

  • Experience with using Splunk, Tenable, or BigFix to monitor security environment

  • Possession of excellent oral and written communication skills

  • Security+ and CISSP Certifications a plus

We're an EOE that empowers our peopleno matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran statusto fearlessly drive change.


upload resume icon
See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Information Security Analyst

Seneca Resources

Posted Yesterday

VIEW JOBS 1/23/2019 12:00:00 AM 2019-04-23T00:00 <span style="font-size:12px;"><span style="font-family:times new roman,times,serif;"><strong>About Seneca Resources:</strong><br /> Seneca Resources is client driven provider of strategic Information Technology consulting services and Workforce Solutions to government and industry.  Seneca Resources is a leading IT services provider with offices in Reston and Richmond, Virginia and Birmingham, Alabama that service clients throughout the United States.  The key to our success lies within our strong corporate culture which drives our business.  We challenge our staff through engaging work, and we reward our staff through competitive compensation, extensive professional training, and excellent opportunities for career advancement.  In turn, we look for only the best and brightest to join our team.<br /> We are an Equal Opportunity Employer and value the benefits of diversity in our workplace.<br />  <br /> <br /> <strong>Position Title:  Information Security Analyst</strong><br /> <strong>Location: Bethesda, MD</strong><br /> <strong>Employment Type: Full Time</strong><br /> <strong>Compensation: Extremely Competitive</strong><br /> <strong>Requirements: ERM experience and CISSP, CISA, CRISC or Equivalent Certification</strong></span></span><br /> <br /> <br />   <div><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;"><b><u>Job Information</u></b></span></span></div> <div><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Enterprise Risk Management (ERM) is looking for a Senior Information Security Risk Analyst to help ERM manage and oversee technology based risks. The successful candidate would be responsible for identifying, prioritizing, monitoring and reporting technology risks and controls including performing risk and controls assessments. This position works closely with the operational, technical, and corporate function personnel to foster a technology risk management culture, challenge assumptions and to assist in communicating a holistic risk profile of technology risk to ERM Executive management and various stakeholders. </span></span></div> <div><br /> <span style="font-size:12px;"><span style="font-family:times new roman,times,serif;"><b><u>Key Job Functions</u></b></span></span></div> <ul> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Demonstrate solid knowledge on technology processes within infrastructure, information security, SDLC and Enterprise Service Management utilizing various IT controls frameworks (i.e. COBIT 5)</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Understand and articulate risks associated with technology processes and IT general controls and identify process and control gaps proactively</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Liaise across relevant business, technology, and control functions to prioritize risks, challenge technology risk decisions, assumptions and tolerances, and drive appropriate risk response.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Contribute to the establishment of metrics and tools to assess and report on inherent risks, control strength and residual risk in a consistent and objective manner.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Assist with the development and validation of remediation plans for technology deficiencies by providing effective challenge.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Monitor internal and external business, regulatory and technology environment to identify new or emerging risks and verify remediation of issues.</span></span></li> </ul> <div> </div> <div><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;"><b><u>Education</u></b>   </span></span></div> <ul> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Bachelor's Degree in Information Systems or related field or an equivalent combination of education and experience</span></span></li> </ul> <div> </div> <div><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;"><b><u>Minimum Experience</u></b>  </span></span></div> <ul> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Minimum 5 years of work related experience in technology</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Minimum 3 years of experience performing risk management and analysis related activities</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Applicants must be authorized to work in the US without requiring employer sponsorship currently or in the future. </span></span></li> </ul> <div> </div> <div><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;"><b><u>Specialized Knowledge & Skills</u></b>     </span></span></div> <div><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">  </span></span></div> <ul> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Experience working with Risk, Security or Audit frameworks (i.e., COBIT, COSO, ISO 27001/2, NIST 800-53, AICPA).</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Strong understanding of technology processes, risks and issues including infrastructure, information security, SDLC and Service Management (knowledge within cloud computing is preferred, specifically AWS.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Capable of identifying, evaluating and mitigating significant risks within an enterprise.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Basic knowledge of SOC2 attestation reports.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Strong working experience with Microsoft Office Suite and GRC tools.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Must have and maintain at least one of the following certification: CISSP, CISA, CRISC or equivalent designation.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Ability to document and explain risks and vulnerabilities to both business and technical stakeholders</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Must have past experience performing vulnerability research and reporting.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Strong oral and written communication skills and ability to work well with others and in a collaborative, complex and fast paced environment.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Possesses strong analytical skills</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Certification: CISSP, CISA, CRISC or equivalent designation</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Active in the technology industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technology.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals.</span></span></li> </ul> Seneca Resources bethesda md

Information Security Analyst

Booz Allen Hamilton Inc.