Information Security Analyst

Perspecta Inc. Herndon, VA 20171

Posted 7 months ago

Description

Every day at Perspecta, we enable hundreds of thousands of people to take on our nation's most important work. We're a company founded on a diverse set of capabilities and skills, bound together by a single promise: we never stop solving our nation's most complex challenges. Our team of engineers, analysts, developers, investigators, integrators and architects work tirelessly to create innovative solutions. We continually push ourselves to respond, to adapt, to go further. To look ahead to the changing landscape and develop new and innovative ways to serve our customers.

Perspecta works with U.S. government customers in defense, intelligence, civilian, health care, and state and local markets. Our high-caliber employees are rewarded in many ways, not only through competitive salaries and benefits packages, but the opportunity to create a meaningful impact in jobs and on projects that matter.

Perspecta's talented and robust workforce, 14,000 strong, stands ready to welcome you to the team. Let's make an impact together.

We are currently seeking an Information Security Analyst for our Alexandria or Herndon VA location on a project for the U.S. Department of Defense.

Individual must be a U.S. Citizen holding an active/current DoD Secret or Top Secret clearance (based on SSBI investigation) and a current Security+ certification in good standing.

JOB DESCRIPTION

This individual will participate in a team environment supporting a U.S. Government contract that provides personnel security management to DoD. The position ensures that the program complies with the government's Information Assurance (IA) security requirements, including developing, reviewing and updating security documentation, evaluation and resolution of new Information Assurance Vulnerability Alerts (IAVAs), successful Certification and Accreditation (C&A) process evaluation, evolution and compliance, development and management of POAMs, demonstrated knowledge of eMASS, and the completion of IA reporting requirements.

The candidate will need strong information assurance skills, knowledge of the Risk Management Framework, comprehensive understanding of DoD guidance including NIST SP 800.xx, FIPS 199, DoD 8500.x, Defense Information Technology Security Certification and Accreditation Process (DITSCAP) and Defense Information Assurance Certification and Accreditation Process (DIACAP). This is a hands-on IA position and is not a management position.

KEY RESPONSIBILITIES:

  • Responsible to ensure the program complies with the government's IA security requirements; closely working with lead IA Engineer, Program Manager and other team leads.

  • Must be pre-emptive in planning and execution of continuous monitoring efforts in support of the achievement of DoD goals and objectives, effectively communicating security risks, maintaining security posture in accordance with established Mission Assurance Category (MAC) level.

  • Responsible for proactively assessing impacts of findings, developing and implementing remediation plans, engaging the Dev/Ops team to ensure security activities are methodically included in the roadmap, and reporting all security activities and findings in formal monthly deliverables.

  • Overall responsibility for the planning and technical SME's execution of all STIG remediation.

  • Responsible for creating and tracking Plan of Action and Milestone (POA&M) reports.

  • Responsible to create program documentation detailing system security concepts, system security assessments, tailored security plans, and vulnerability assessments.

  • Responsible to work with the government to support obtaining accreditation of the production system via certification testing of its respective elements, consisting of process support, analysis support, coordination support, security certification test support, and security documentation support.

  • Responsible to follow program standards, processes and procedures, to deliver high quality components/products.

  • Responsible to provide clear and timely status to management as required.

Qualifications

QUALIFICATIONS/REQUIREMENTS:

  • Sec+ required

  • At least 3 years of experience in multiple phases of the software development lifecycle

Pre-Requisites:

  • At least 3 years of IAVA analysis and resolution experience

  • Three or more years of C&A process experience using the RMF.

  • Demonstrated knowledge of creating, tracking and managing POAMs, and of creating formal documents detailing system security concepts, system security assessments, tailored security plans, and vulnerability assessments.

  • Demonstrated knowledge of eMASS

  • Experience in developing security documentation

  • Familiarity with Department of Defense personnel security issues is a plus

Additional knowledge not required but extremely beneficial:

  • Relational database concepts

  • Application servers

  • Web servers

  • Network File System (NFS) and/or various storage concepts

  • Web technologies and protocols, such as Web Services, TCP/IP, SFTP, HTTP, HTTPS

  • WebLogic, Mule, and/or Golden Gate

Education and Experience Required:

  • 5+ years of professional experience and a Bachelor of Arts/Science or equivalent degree in computer science or related area of study; without a degree, three additional years of relevant professional experience (11+ years in total).

EEO Tagline: Perspecta is an AA/EEO Employer - Minorities/Women/Veterans/Disabled and other protected categories

