Under general supervision, performs independent assessment of the information security posture of an organization using applicable tools. Assesses information network threats such as computer viruses. Operates vulnerability assessment equipment in support of penetration analyses. Prepares evaluation reports.
Monitors security systems and analyzes potential threats and vulnerabilities to client systems. Assists in development and implementation of technical security policies. Supports Assessment and Authorization (A&A) of major systems and networks in accordance with the NIST Risk Management Framework (RMF). Coordinates technical incident response and remediation activities for client environments. Provides security analysis and consultation services for product, system and network architecture designs. Composes and sends alert notifications. Analyzes basic security findings and data. Identifies trends and root causes of system failures or vulnerabilities. Ensures that the Information Systems Security department's policies, procedures, and practices, as well as other systems user groups, are in compliance.
EDUCATION & EXPERIENCE:
Typically requires a bachelor's degree or equivalent and five to seven years of related experience.
Current Secret clearance required.
- CompTIA Security+ CE
- ITIL V3 Foundation (within 90 days of start date)
- CISSP, CISM or equivalent
- 2 to 3 years eMASS experience
- 2 to 3 years DIACAP/RMF experience
Normal demands associated with an office environment. Ability to work on a computer for long periods and to communicate with individuals by telephone, email and face to face. Some travel may be required.