Principal Info Security Analyst -- Ft Belvoir, VA -- TS/SCI
Results-driven professional performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.
1. Performs Computer Security Incident Response activities for a large organization, coordinates with other government agencies to record and report incidents.
2. Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation.
3. Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.
4. Evaluate firewall change requests and assess organizational risk.
5. Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems.
6. Assists with implementation of counter-measures or mitigating controls.
7. Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
8. Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.
9. Prepares incident reports of analysis methodology and results.
10. Provides guidance and work leadership to less-experienced technical staff members, and may have supervisory responsibilities.
11. May serve as a technical team or task leader.
12. Maintains current knowledge of relevant technology as assigned.
13. Participates in special projects as required.
Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
8-10 years of related experience in data security administration.
Under general direction, responsible for all activities relating to information assurance procedures and systems. Develops information systems assurance programs and control guidelines. Confers with and advises other sections on administrative policies and procedures, resolving technical problems, priorities, methods, internal controls and security procedures. Prepares activity and progress reports relating to the information systems audit function.
1. Advanced knowledge of data security administration principles, methods and techniques.
2. Expertise with regulatory requirements for DoD and Intelligence Community IT systems (STIG, DCID, ICD, etc.) and significant experience with Risk Management Framework (RMF) as well as DIACAP and ICD accreditation processes. Emphasis on C&A experience, to include implementing controls and drafting the C&A body of evidence, with DIACAP and DCID 6/3. A plus would be familiarization with ICD 503.
3. Familiar with DoD and IC IA tools (SECSCN, WASSP, Retina, Nessus, SCC, SCAP).
4. Convert and apply regulatory requirements to system/application configurations.
5. Monitor application/system compliance using common IA tools.
6. System/application patching.
7. Provide input on IA compliance during system/application design and implementation.
8. Familiar with industry reference architectures for implementing network access control, monitoring devices, and other security related applications.
9. Familiar with integrating applications/systems with management/monitoring software.
10. Familiar with IDS/IPS systems.
11. Familiar with firewall theory and configuration.
12. Familiar with basic networking.
13. Familiar with virtualization infrastructures.
14. Familiar with Linux Operating Systems.
15. Familiar with Microsoft Windows Operating Systems. 16. Familiar with Microsoft Active Directory.
A minimum of a current DoD 8570.1 IAT level 2 (CompTIA Security+ acceptable, IAT level 3 ISC2 CISSP preferred) certification in addition to a technical certification in a relevant application/OS/networking environment where elevated privileges will be granted.
ITIL Foundation certification required within 6 months of hire.
Polygraph not required for hiring but candidate MUST be willing to take and then pass a Counter Intelligence Polygraph.
C&A experience authoring System Security Authorization Agreements (SSAA) is required.
Active TS/SCI clearance required.
As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors.
With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services.
GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.