Information Security Analyst

Computer World Services – Washington, DC

The individual will analyze and perform security assessments on Windows, Linux, system-embedded operating systems, and applications such as web servers and databases. Identifies vulnerability and compliance issues, compiles vulnerability and compliance reports, provides remediation recommendations, and provides metrics on vulnerabilities and remediation activities. Produces documentation in support of the system ATO. Manages POA&Ms, false positives, and risk exception artifacts. Works directly with system administrators and system engineers to ensure secure configurations of Windows- and Linux-based systems and all third-party/helper applications in accordance with NIST policies, requirements, and directives, including compliance with USGCB, STIG, CIS, and scan results.

Key Tasks and Responsibilities 

In this role, the Security Analyst will: 

• Provide security analysis on Windows and Linux systems, web servers, databases, and all newly proposed software through security assessments using vulnerability scanning tools, baseline software compliance checklists (e.g. STIGs and CIS), and NIST 800-53 control assessments throughout the life-cycle process under limited supervision.

• Provide mitigation and remediation recommendations in support of the system assessment process and lead the mitigation and remediation effort by directly engaging with the system administrators. 

• Work with ticketing systems to track CR and security assessment requests. Provide metrics on mitigation activities. 

• Analyze, interpret, and simplify vulnerability and compliance reports for system administrators to understand and remediate security risks. 

• Collaborate directly with both the System Administrators and Systems Engineers on a daily basis. 

• Write and prepare necessary documentation to support systems ATO, including assessments, analysis reports, executive summaries of cyber threats, and formal and informational briefings to IT professional staff. 

• Collect metrics from system tools to answer data calls and provide graphics summarizing metrics in Excel and PowerPoint.

• Utilize commonly used vulnerability and security tools such as Nessus, Nexpose, Web Inspect, HP Fortify, SCAP, and Retina.

• Document residual risks by conducting a thorough review of all the vulnerabilities, architecture and defense in depth and provide the IA risk analysis and mitigation determination results for risk exceptions. 

• Document and manage POA&Ms, false positives, and risk exception artifacts. 

• Proactively work with team members to identify and address security and compliance issues.

Job Requirements

Education & Experience

• Bachelor’s degree in Information Technology / Cyber Security or a related field. 

• 3 years’ experience in Information Security with a focus on analyzing security vulnerability and compliance reports and mitigating findings.

• 3 years’ experience building and managing Windows and Linux platforms. 

• Knowledge of different network devices and network topologies.

• Experience securing Windows, Linux, web servers, and databases.

• Experience with IT ticketing systems and knowledge of the ITIL framework.

• Experience in a virtualized environment and knowledge of VMware.

• Experience with NIST 800-53 based security assessments and authorization.

• Hands-on experience with one or more security scanners (e.g. Nessus, Nexpose, Web Inspect, HP Fortify, SCAP, Retina, etc.).

• Experience in identifying and documenting false positives and risk exceptions. 

• Significant written and verbal communication skills in security assessment documentation. 

Certifications 

• CISSP, CompTIA Security+, SANS, or other security certifications

Security Clearance 

• Agency Specific 

EOE AA M/F/Vet/Disability
