IT Security Analyst

Education: Bachelor’s Degree
Experience: 04 – 05 years
Citizenship Requirement: Permanent Resident
Clearance Required: Public Trust
Location: NY – Kings Point
Job Responsibilities
ActioNet, Inc. is seeking an Information Security (InfoSec) Analyst in support of the US Merchant Marine Academy in Kings Point, NY. The InfoSec Analyst is responsible for implementing and following MARAD and Federal Information Assurance policies and guidelines for securing MARAD information systems.

Job Responsibilities and/or Success Factors
– Work with the onsite support team to meet and exceed contract requirements concerning Information Security and the Academy’s adherence to Federal Information Assurance policies and procedures.
– Guide systems engineering design and development toward a “baked-in” security design using FISMA compliance baselines and DOT-specific policies and guidelines.
– Hands-on experience with Federal guidelines and controls including FISMA Systems, NIST 800-series guidelines, FIPS, C&A requirements and processes, Continuous Monitoring Framework experience and its tools, Plan of Action & Milestones (POA&M) policies, and vulnerability/patch management.
– Proficient with vulnerability and scanning tools and well-versed in interpreting risk posture resulting from assessment reports. Experience in project management and tracking, and the Microsoft suite of office products.
– Maintain IT Security documents such as procedures, benchmarks, policies and manuals.

Skills Required
– Solid technical foundation as well as practical and programmatic overall security experience
– One of the following certifications required: CISSP, CAP or GSLC.
– Bachelor’s degree in Computer Science or related field.
– Excellent customer service

Skills Preferred
– FISMA, NIST, and/or C&A experience
– Risk assessment experience, especially with NIST 800-503 Threat identification, system security categorization, gap analysis, compliance reporting
– Security analysis experience, especially trend analysis, incident response, encryption
– Security assessment experience doing vulnerability scanning, penetration testing, system hardening, system integration, packet sniffing
– Lead monthly patch management cycles from start to end
– Develop, track, create and manage POA&Ms
– Operational security experience a definite plus
– Security plan knowledge and creation experience a definite plus
– Knowledge of and experience with quality assurance and continuous monitoring
– Accountable for the real-time analysis, commentary and handling of security events

