Information Security Analyst
US Citizenship required
Top 3 Technical Skills:
- NIST 800 / RMF
- Compliance Experience
- Must have government experience
Projected Description/Purpose of Role:
Seeking an Information Security Analyst who is able to develop or analyze security plans to ensure compliance with a government agency’s security framework. He/she will not be conducting vulnerability scans but will need to be able to read and interpret those scans.
• At least 3 years at a Federal Agency (preferably Executive Branch) working with NIST 800 Series publications as a Risk Management Framework SME
• At least 8 years of progressive Information Technology (IT) experience including at least Five (6) years’ experience in IT security, including C&A and/or IT security risk analysis, preferably in support of the Federal Government
• Mastery level knowledge of techniques, principles and theories pertaining to providing security and protection to IT resources.
• Mastery level knowledge of information systems security standards such as NIST and Federal Government requirements, as well as: industry best practices, standards and guidelines involved with the protection of hardware, software, and telecommunications equipment and services, to accomplish Security Assessment & Authorization activities.
• Mastery level knowledge of methods for protecting information systems and data; detecting and analyzing anomalous activity; restoring the security of information systems, network services and related capabilities; and identifying and mitigating information system vulnerabilities to prevent inadvertent data disclosure, unauthorized data modification, data destruction, or denial of service.
• Knowledge of methods and tools used for risk management and the mitigation of risk for information systems and data. This requires a technical mastery of, and hands-on experience using, risk assessment methods to determine vulnerabilities in local environments, processing procedures, personnel and other system components.
• Technical understanding of integration of IT programs and services in a multi-location Wide Area Network; and the security controls, tools and techniques used to secure multiple platforms and operating systems through channels offering differing levels of trust and reliability.
• Knowledge of the operating characteristics of various operating systems.
• Knowledge of general management and auditing techniques for identifying problems, gathering and analyzing pertinent information, forming conclusions, developing solutions and implementing plans consistent with management goals.
• Mastery level knowledge and experience applying government standards, including NIST Risk Management Framework, and NIST 800-53.
• Ability to use judgment, initiative, and resourcefulness in deviating from established methods to modify, adapt, and/or refine broader guidelines to resolve specific complex problems; research trends and patterns; develop new methods and criteria; and/or propose new policies and practices.
• Plan, manage and provide guidance pertaining to IT Security architecture to include all phases of computer security (i.e., hardware, software, and telecommunications equipment, installation and evaluation). Work frequently requires the candidate to be involved in diverse projects simultaneously, several of which may have equally high priority.
• The work requires exceptional coordination and integration of Judiciary Information Security Framework (JISF) compliance activities, which requires its own body of knowledge. Decisions and actions taken by candidate will have a direct and substantial impact on services rendered.
• Excellent oral and written communications skills. Interaction and information gathering with coworkers and customers.
• Bachelor’s degree required, master’s degree preferred. Must have at least Four (4) years of additional experience if no degree (total 12 years’ experience without a degree).
• Industry leading certifications relating to IT security (CISSP, GIAC, etc.).