Senior Information Systems Security Analyst

Responsibilities:

• Ensure that all users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities before they are granted access to the IS
• Initiate protective and corrective measures when a security incident or vulnerability is discovered
• Monitor system recovery processes and ensure the proper restoration of an IS security features
• Ensure Configuration Management (CM) for security-relevant IS software, hardware, and firmware is documented and maintained
• Support certification activities throughout the ISSA process (previously known as Certification and Accreditation process)
• Manages ATO artifacts, documentation and provides updates within the DOJ Cyber Security Assessment Management System (CSAM)
• Ensure that system security requirements are complied with, unless waived during all phases of the system lifecycles
• Establish audit trails and ensure their review, and make them available, when required, to the Chief Information Security Officer (CISO) or the Information System Security Manager (ISSM)
• Retain audit logs in accordance with Department of Justice (DOJ) policy
• Ensure awareness and precautionary measures are exercised to prevent introduction and/or proliferation of malicious code; manage review and release of media and/or memory components
• Ensure general users and privileged users are trained-in the specific knowledge needed for them to safely operate and maintain the ISs to which they have access, including general security awareness and specialized privileged user training
• Disseminate, control, and manage the issuance of user identifications and passwords for assigned ISs, and provide authorized lists to appropriate system administrators
• Develop, implement, and enforce information systems security policies

Requirements:

• This position requires a minimum security clearance, must be able to obtain a Public Trust Clearance from the Federal Government. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information.
• Possess strong communication skills; the position will be the primary interface with the client security personnel.
• Must be customer focused and possess the ability to identify issues, analyze, and interpret data and develop solutions to a variety of moderately complex technical problems.
• Bachelor's in Computer Science, Information Systems or related field and 6-8 years of demonstrated results, or equivalent experience with a concentration on C&A as it applies to the US Government.
• Prior ISSO or ISSM experience is required.
• Experience with the NIST/FISMA regulatory and compliance requirements.
• Experience with DOJ Cyber Security Assessment Management System (CSAM) or similar government management system.
• Knowledge of the federal security authorization (formerly known as Certification and Accreditation or C&A) process to include key activities and milestones required throughout each phase of the security authorization lifecycle.
• Industry-specific certifications, including one or more of the following: CISSP, CISA, CISM, SANS, CEH.
• Experience with DOJ, DISA, NSA, DSS and DoD IA standards and Certification and Accreditation (C&A) processes.
• Experience with Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker (SCC). Knowledge of Information Assurance Vulnerability Alerts (IAVAs).
• Ability to represent the organization as a knowledgeable resource on external projects while demonstrating a strong analytical, verbal and written communication skill set to accurately document, report, and present findings.
• Hands on IT technical experience working with networking and computing environments.
• Experience using vulnerability assessment tools/platforms such as Acunetix, Nessus, ACAS, Qualys, Nexpose, along with centralized logging and penetration testing.
• Strong experience with documenting test environments, requirements, results and POAM resolution.
• Candidates must be able to travel 10% of the time.