Information Assurance Analyst
Job Description

MINIMUM CLEARANCE LEVEL: Secret Clearance
CITIZENSHIP: US Citizenship
LOCATION: Bethesda, MD
Certification(s): Security+ CE as a minimum required within 6 months of hire

Excentium, Inc. is a Veteran Owned Small Business (VOSB) that provides Information Security Engineering, Information Assurance (IA), management, and Certification and Accreditation (C&A) services to government and commercial organizations.

Position Description:

Working with end users, the Computer Network Defense Service Provider (CNDSP), and system administrators. Compliance reporting, auditing, and incident handling are the primary duties for the position.

- Demonstrated ability to independently perform complex security analysis of existing systems for compliance with security requirements.
- Ability to use a variety of security techniques, technologies, and tools to develop, integrate, and implement security solutions into highly sensitive computer systems and networks.
- Ability to perform vulnerability and risk analysis, and participate in a variety of computer security penetration studies as required.
- Able to interpret logs and look for malicious behavior with various security tools, including SIEMs.
- Member of the incident handling team.
- Analyzes and defines security requirements for computer systems, which may include mainframes, workstations, and personal computers.
- Designs, develops, and implements solutions to meet security requirements.
- Gathers and organizes technical information about an organization's mission goals and needs, existing security products, and ongoing programs in computer security.
- Participates in most phases of the systems lifecycle, including preliminary and final design, systems development, integration, and testing.

Responsibilities:

- Develop/maintain processes that implement the DoD Cyber Security program.
- Regularly audit the network/IT environment for compliance with policy and associated SOP: weekly/daily reporting of internal high-risk systems and outstanding remediation and mitigation activities.
- Provide oversight of Plan of Action and Milestone (POA&M) compliance: POA&M management, mitigation statement formulation, and interfacing with system administrators to resolve open findings of high and at-risk systems.
- Coordinate with the Computer Network Defense Service Provider (CNDSP) to provide incident support for DHA/WRNMMC cyber security incidents.
- Validate IT security architecture for compliance.
- Provide Certification & Accreditation (C&A) support services by performing security control assessments (SCA), which could include interviews and examinations, security test and evaluation (ST&E), vulnerability assessments, and penetration testing in support of an Authority to Operate (ATO). Candidate must be able to perform the security scans and analyze data to assess threats.
- Conduct vulnerability assessments on networks, servers, websites, and databases, and assist with other assessment activities.
- Perform security controls assessments in accordance with NIST SP 800-53A, to include interviews, examinations, and vulnerability testing.

Required Skills:

- Understanding of DISA STIGs and ability to provide direction based on STIGs
- Knowledge of NIST Risk Management Framework
- Knowledge of SCAP, LINUX/UNIX Security Audit
- Working experience with incident response/incident handling
- Applying updates to systems
- Ability to install and configure systems from the ground up
- Working knowledge of Win 2003 (32/64 bit), Win 2008 (32/64 bit), Win7, and SQL Databases
- Ability to work with GPOs, local policies and registries
- Ability to run audit scans and provide analysis of results
- Use of the following tools: Nmap, Netcat, Nipper Studio, Microsoft Baseline Security Analyzer, Tenable Nessus, Security Center, Wireshark, Core Impact, IBM AppScan Standard, Burp Suite Professional, Application Security AppDetective Pro, HP WebInspect

Qualifications:

- Work alongside system administrators to troubleshoot vendor applications
- Knowledge of patching and hardening
- Security assessment tools experience
- IT Systems certification preferred
- Incident handling
- Compliance reporting
- Security audits

Excentium offers a competitive salary and comprehensive benefits package, including medical, dental, life, disability, 401k, and paid time off.

Excentium is an equal opportunity employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status.

Company Description

Excentium is an IT Services company that specializes in Cyber Security. We are a Veteran Owned Small Business. Excentium was founded in 2006 to help commercial, federal and Defense Department organizations remove barriers to success so they can focus on delivering exceptional products, systems and solutions to their customers.