PROGRAM DESCRIPTION The Information Security and Compliance Office (ISCO) is a part of the Enterprise Information Technology (EIT) Directorate within Leidos Biomed. The ISCO provides IT security auditing, engineering, and incident response support for the Frederick National Laboratory for Cancer Research (FNLCR) and the National Cancer Institute - Frederick. The mission of the Information Systems Program is to develop an enterprise-level, consolidated information technology infrastructure that provides exceptional IT capabilities to the Frederick National Labs for Cancer Research (NCI-Frederick/FNLCR) in support of basic, translational, and clinical cancer and AIDS research. ISCO supports the life cycle of information security for the scientific mission and administrative functions of the NCI-Frederick/FNLCR, to ensure the availability of information systems, protect the integrity of information, and protect the confidentiality of intellectual property and patient data. KEY ROLES/RESPONSIBILITIES The Security Analyst II/III will be responsible for: Corelate and analyze data from numerous sources to identify threats Performing and analyzing system and application scans. Monitoring NCI-Frederick/FNLCR information systems and environments of operations, including incident response, vulnerability management and change control. Developing and assessing information security requirements for NCI-Frederick/FNLCR, and ensuring information system owners integrate and implement security requirements into the design, development, and configuration of information systems. Serving as an advisor on matters involving the security of NCI-Frederick/FNLCR information systems BASIC QUALIFICATIONS This is a dual level requisition and can be filled as either a Security Analyst II or Security Analyst III For the Security Analyst II Possession of an Bachelor's degree from an accredited college/university according to the Council for Higher Education Accreditation (CHEA) in a related field (Additional qualifying experience may be substituted for the required education). Foreign degrees must be evaluated for US equivalency. A minimum of two (2) years progressively responsible job related experience. Experience must include functioning as an analyst or equivalent for compliance auditing, information security, information systems, or related. For the Security Analyst III Possession of an Bachelor's degree from an accredited college/university according to the Council for Higher Education Accreditation (CHEA) in a related field (Additional qualifying experience may be substituted for the required education). Foreign degrees must be evaluated for US equivalency. A minimum of five (5) years progressively responsible job related experience. Experience must include functioning as an analyst or equivalent for compliance auditing, information security, information systems, or related. Both positions will require: Must be analytical and able to analyze complex information, synthesize disparate data sources, and communicate effectively Must be able to develop technical documentation and non-technical presentations; and, express information in a clear, concise, and organized manner, both verbally and in writing Must be able to follow direction provided by senior staff Must be detail-oriented with the ability to prioritize multiple tasks/projects Must be able to obtain and maintain a security clearance. PREFERRED QUALIFICATIONS Working knowledge of application security concepts and techniques SOC experience/event triage Cyber kill change knowledge EXPECTED COMPETENCIES Familiarity with current and emerging security technologies such as intrusion detection systems (IDS), security information and event management (SIEM) applications, and related security tools Experience as an incident responder/handler Familiarity with system and application scanning tools Familiarity with network layers/(OSI) model Experience with windows and linux command line Equal Opportunity Employer (EOE) | Minority/Female/Disabled/Veteran (M/F/D/V) | Drug Free Workplace (DFW)