The Information System Security Analyst applies current technologies to the design, development, evaluation and integration of computer information systems and networks to maintain system security. May work with commercial computer product vendors in the design and evaluation of state-of-the-art secure COTS applications, operating systems, networks and database products and technology. Provides security engineering and integration services to internal customers. Involved in a wide range of issues including secure architectures, secure electronic data traffic, network security, information security and privacy.
Required skills include:
· U.S. Citizenship required.
· Maintain operational security posture for the program to ensure information systems security policies, standards, and procedures are established and followed.
· Assist with the management of security aspects of the information system and performs day-to-day security operations of the system.
· Evaluate security solutions to ensure they meet security requirements for processing classified information.
· Perform vulnerability/risk assessment analysis to support certification and accreditation.
· Provides configuration management (CM) for information system security software, hardware, and firmware.
· Manage changes to system and assesses the security impact of those changes.
· Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, etc.
· Experience and/or familiarity with Certification and Accreditation (C&A).
· Experience and/or familiarity with the following network protection devices: Firewalls, intrusion detection and prevention systems (IDS/IPS), log analysis, malware analysis, network traffic flow and packet analysis.
Information System Security Analyst – I
· No demonstrated experience required.
· Bachelor’s degree in Information Security, Cyber Engineering or a related discipline is required.