Information Security Analyst

at  General Dynamics Information Technology

Type of Requisition:
Regular
Clearance Level Must Currently Possess:
Top Secret/SCI
Clearance Level Must Be Able to Obtain:
Top Secret/SCI
Suitability:
Public Trust/Other Required:
Job Family:
Information Security
Job Qualifications:
Skills:
Computer Security, Information Assurance, Information Systems, Security Policies, Systems Security
Certifications:
CASP+CE - CompTIA - CompTIA, CISM: Certified Information Security Manager - ISACE, CISSP - ISC2
Experience:
5 + years of related experience
US Citizenship Required:
Yes
Job Description:
GDIT has an exciting opportunity to contribute our nation’s security by protecting us from some of the most dangerous global threats. The Defense Threat Reduction Agency’s (DTRA) Operational Information Management System (OIMS) is the hub of integrating information on DTRA’s global operations and tracking DTRA’s activities in support of the Department of Defense’s mission to deter, prevent and prevail against weapons of mass destruction threats. GDIT is seeking motivated and qualified individuals to support the operational functions of OIMS, as well as individuals to maintain, develop and modernize OIMS’ IT infrastructure. As a Information Security Analyst, you will play a leading role in securing the web-based applications that support DTRA OIMS.

Primary Responsibilities:

• Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction. Monitor, evaluate, and maintain systems and procedures to safeguard internal information systems, network, databases, and Web-based security
• Conducting security assessments; ensuring protection of the integrity availability, authenticity, non-repudiation and confidentiality of data through monitoring and mitigation tasks; and ensuring compliance with DoD Information Assurance Vulnerability Alerts (IAVA).
• Develops Authority to Operate (ATO) packages and Information Assurance compliance
• Monitors and analyzes Intrusion Detection Systems (IDS) to identify security issues for remediation
• Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
• Evaluates firewall change requests and assesses organizational risk
• Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure, applications, and operating systems
• Assists with implementation of countermeasures or mitigating controls
• Conducts regular audits to ensure that systems are being operated securely, and information systems security policies and procedures are being implemented as defined in security plans
• Develops, tests, and operates firewalls, intrusion detection systems, enterprise antivirus systems and software deployment tools
• Safeguards the network against unauthorized infiltration, modification, destruction, or disclosure
• Researches, evaluates, tests, and implements new security software or devices
• Conducts investigations of information systems security violations and incidents, reporting as necessary to management
• Implements, enforces, communicates, and develops security policies or plans for data, software applications, hardware, telecommunications, and information systems security education/awareness programs
• Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance
• Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information
• Provides information assurance project management, technical security staff oversight, and development of mission-critical technical documents
• Ensure compliance with regulations and privacy laws
• Develops materials for computer security education/awareness programs
• Responds to queries and requests for computer security information and reports
• May coach and provide guidance to less-experienced professionals
• May serve as a team or task lead

Required Characteristics:

• Technical Training, Certification(s) or Degree, 5+ years of experience
• TS/SCI Security Clearance
• Must meet 8570.01M certification requirements (CISSP, CASP+CE)

• Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction. Monitor, evaluate, and maintain systems and procedures to safeguard internal information systems, network, databases, and Web-based security
• Conducting security assessments; ensuring protection of the integrity availability, authenticity, non-repudiation and confidentiality of data through monitoring and mitigation tasks; and ensuring compliance with DoD Information Assurance Vulnerability Alerts (IAVA).
• Develops Authority to Operate (ATO) packages and Information Assurance compliance
• Monitors and analyzes Intrusion Detection Systems (IDS) to identify security issues for remediation
• Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
• Evaluates firewall change requests and assesses organizational risk
• Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure, applications, and operating systems
• Assists with implementation of countermeasures or mitigating controls
• Conducts regular audits to ensure that systems are being operated securely, and information systems security policies and procedures are being implemented as defined in security plans
• Develops, tests, and operates firewalls, intrusion detection systems, enterprise antivirus systems and software deployment tools
• Safeguards the network against unauthorized infiltration, modification, destruction, or disclosure
• Researches, evaluates, tests, and implements new security software or devices
• Conducts investigations of information systems security violations and incidents, reporting as necessary to management
• Implements, enforces, communicates, and develops security policies or plans for data, software applications, hardware, telecommunications, and information systems security education/awareness programs
• Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance
• Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information
• Provides information assurance project management, technical security staff oversight, and development of mission-critical technical documents
• Ensure compliance with regulations and privacy laws
• Develops materials for computer security education/awareness programs
• Responds to queries and requests for computer security information and reports
• May coach and provide guidance to less-experienced professionals
• May serve as a team or task lea