Information Systems Security Analyst

The Information Systems Security Analyst (ISSA) is responsible for maintaining information security policies, procedures and settings within the classified environment. The ISSA serves as a technical advisor on information systems under his/her purview. In addition, the ISSA will collaborate with customers during the design and development phase to translate security and business requirements into achievable processes and systems. The ISSA is responsible for the day-to-day security operations of a system or enclave within SNC’s highly dynamic and fast-paced environment.

PRIMARY RESPONSIBILITIES INCLUDE:
• Serve as site Information Systems Security Officer (ISSO) and maintain security documentation for system hardware and software, to include SSPs, POA&Ms, equipment specifications, practices and procedures
• Perform mandatory Information System (IS) patching, updating, and scanning based on vulnerabilities and threats or regulatory compliance; maintain the day-to-day security posture and continuous monitoring for all systems
• Conduct risk assessment testing procedures for verification of Certification & Accreditation (C&A)/A&A/RMF safeguards to meet various regulatory requirements based upon NISPOM, RMF for DoD IT, ICD 503, JSIG & NIST guidelines
• Evaluate IS threats and vulnerabilities to determine whether additional safeguards are needed for a wide range of IS security related areas including architectures, firewalls, electronic data traffic, and network access
• Interpret government security classification guides (SCG) to determine classified system requirements and prepare written instructions to facilitate proper security implementation throughout the system lifecycle
• Collaborate with customers (internal and external) during the design and development process to employ best practices when implementing security requirements and controls
• Apply Configuration Management (CM) policies and procedures for authorizing the use of hardware/software on an IS; participate in the Configuration Control Board (CCB) to ensure changes are NOT detrimental to system security
• Coordinate with security managers (both corporate and local), Facility Security Officer (FSO) and Information Systems Security Engineers (ISSE) to define, implement and maintain information security policies, strategies, and procedures
• Implement policies and procedures for responding to security incidents, and for investigating and reporting security violations and incidents; assist the SNC IT cyber group with forensic investigations across the corporation
• Assess changes to an IS by performing periodic self-inspections, tests and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed
• Administer IS security education, awareness, and training activities for facility management, IS personnel, users, and others, as appropriate
• Periodic travel to SNC, customer and partner facilities (CONUS and OCONUS) in support of programs
• Interface with company and customer staff at all levels
• Arrive punctually each day, prepared to work scheduled work hours or longer as needed
• Other duties as assigned
* SNC job descriptions are meant as summarizations only. They do not necessarily reflect all duties and responsibilities of a position

Job Requirements:
EDUCATION/EXPERIENCE/SKILLS REQUIRED:
• Bachelor of Science in Information Technology/Information Security, Computer Science, Engineering, equivalent technical discipline or equivalent years of related experience
• DoD 8570 compliant: Security+, CASP and/or other equivalent security certification (desired) required within 6 months of hire; Cisco, MCSE, MCSA or LINUX certifications a plus
• 2+ years of experience in Information Technology (IT) in a classified environment, or experience as an ISSO in government/industrial security or an intelligence career field
• Extensive experience with the following Information Assurance compliancy tools: Nessus, SCC, HBSS, ACAS, eMASS and XACTA (desired)
• Experience with configuring and managing network devices: switches, routers, firewalls and IDS/IPS (desired)
• Knowledge of technical standards relating to automated information system security; experience administering UNIX, Linux, and Windows operating systems; experience with large-scale server systems, thin client architecture, system virtualization and other related peripherals
• Experience with certification/authorization requirements as outlined in the NISPOM, RMF for DoD IT, ICD 503, JSIG & NIST RMF
• Complete/thorough understanding of US Government IS security policies, STIGs, SRGs
• Ability to balance information security requirements with SNC’s mission, goals, and culture
• Strong communication skills, strong critical thinking and problem solving skills; self-motivated with ability to effectively prioritize multiple projects; ability to work with people in a team environment and deal effectively with changing project priorities
• Ability to manage time, make sound decisions, take independent action, analyze problems and provide focused solutions
• High degree of attention to detail

* Must be a United States citizen
* Must possess an active final SECRET clearance, with the ability to obtain and maintain a TOP SECRET clearance with access to Sensitive Compartmented Information (SCI)

Sierra Nevada Corporation is an Equal Opportunity Employer – Minority / Female / Disability / Veteran, or any other protected status pursuant to applicable local, state or federal law, ordinance or regulation.

Source:https://snc.wd1.myworkdayjobs.com/en-US/SNC_External_Career_Site/job/CO—Centennial-Arapahoe-2/Information-Systems-Security-Analyst–ISSA-_R0001541?rf=Indeed.com