The Operation Security Analyst will provide operational security support in a structured, ITIL-based 24/7/365 NOC/SOC environment. The program provides technical and operational support including solutions engineering, server administration (UNIX/Linux/Windows), database administration (Oracle/MS SQL/MySQL), backup administration (CommVault), storage administration (NetApp), Cloud Services (VMware, AWS, Azure, Oracle) and various managed hosting application tools to numerous government and commercial customers.
Clearance Level: U.S. Citizenship required; eligible to obtain a Public Trust government clearance
Certification Requirement: Security+ certification desired. Candidates must have the desire and goal to obtain their Security+ certification once hired.
- Support day-to-day administration and maintenance of various security systems and tools, including Anti-Virus, compliance scanners, vulnerability remediation systems, content filtering, LogRhythm Security Intrusion and Event Management system (or similar).
- Knowledge or desire to learn cloud-based security tools associated with AWS, Azure and Oracle cloud offerings required.
- Maintain a motivated, customer-focused attitude while operating as part of a NOC/SOC on a 24/7/365 basis.
- Support incident response for all security-related issues. Drive issues to a timely resolution and ensure that all lessons learned are used to improve the overall security posture.
- Assessing and improving security operations processes and procedures.
- Performing ongoing risk assessment to identify vulnerabilities.
- Developing/recommending/implementing mitigation and remediation strategies and solutions using procedural, technical and policy-based techniques.
- Ensure that the security of all systems is actively maintained and hardened against industry, legal and compliance standards.
- Continually assess the systems against potential threats and vulnerabilities. Ensure that vulnerabilities are mitigated in a timely fashion in accordance with the applicable compliance requirements.
- Desired knowledge of US Government-based NIST 800-53 RMF and Secure Baseline Configuration (DISA STIG, CIS Benchmarks) – not required.
- Strong communications skills, both written and oral, with the ability to maintain Authorization and Accreditation (A&A) documentation, to include the System Security Plan (SSP) and other related plans.