Sr Information Assurance Analyst

Sr Information Assurance Analyst

Job Number: 233389

Sr Information Assurance Analyst

Our client is seeking an experienced Information Assurance Analyst to perform system equipment cybersecurity scans and coordinate with network system administrators to ensure remediation efforts are completed successfully and provide the leadership, management, and supervisory IA skills identified in DoD Directive 8570.01-M. These skills and their associated duties may include the following:

Intrusion:

• Ensures the rigorous application of IA policies, principles, and practices in the delivery of all information technology (IT) and IA services.


• Leads and directs team personnel too quickly, efficiently and effectively to solve complex IA problems.


• Identifies IA requirements as part of the IT acquisition development process and assists in the formulation of IA /IT budgets. Plans, integrates, and schedules the installation of new or modified hardware, operating systems, and software applications.


• Supervises the assessment and implementation of identified computer and network environment fixes such as system patches and fixes associated with specific technical vulnerabilities as part of the Information Assurance Vulnerability Management program.


• Guides the implementation of appropriate operational structures and processes to ensure an effective IA security program including boundary defense, incident detection and response.


• Evaluates functional operation and performance in light of test results and make recommendations regarding C&A.


• Monitors and evaluates the effectiveness of IA security procedures and safeguards. Evaluates security violations to determine necessary initial and long term corrective action.


• Assesses impact, determines probably damage and suggest methods of damage control, conducts computer forensics, and follow-on analysis to build historical and predictive capabilities for IA incidents.


• Develops IA related customer support policies, procedures, and standards.


• Designs perimeter defense systems including intrusion detection systems, firewalls, grid sensors, etc., enhances rule sets to detect or block sources of malicious traffic, and establishes a protective net of layered defenses to prevent, detect, and eradicate threats.

Specialist:

• Ensures that protection and detection capabilities are acquired or developed using the security engineering approaches and are consistent with DoD Component level IA architecture.


• Has a working knowledge of DoD provided IA tools.


• Has a working knowledge of policy, guidance and evaluation criteria of the DoD Critical Infrastructure Program.


• Prepares and/or oversees the preparation of IA certification and accreditation documentation. Analyzes, develops, evaluates, and integrates IA policies.


• Assists in the gathering and preservation of evidence used in the prosecution of computer crimes.


• Identifies the IT security program implications of new technologies or technology upgrades.


• Conducts IA cost benefit, economic and risk analysis in the IT acquisition decision making process.


• Interprets security requirements relative to the capabilities of new information technologies. Interprets patterns of non-compliance to determine their impacts on levels of risk and/or overall effectiveness of IA programs.


• Analyzes identified security strategies and recommends the best approaches and/or practices.


• Monitors and evaluates the effectiveness of IA security procedures and safeguards to ensure they provide the intended level of protection


• This individual shall over-see the preparation of Risk Management Framework (RMF) cybersecurity certification and accreditation documentation plus identify and verify scanning requirements and remediation task order assigned cybersecurity enclaves. The individual shall be responsible for performing site survey and identify infrastructure and cybersecurity equipment deficiencies.


• Analyze and correlate anomalous events identified in Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Security Information and Event Management (SIEM) systems, and supporting devices/applications.


• These devices, applications, tools, and data include, but are not limited to the following:




• ArcSight SIEM (or similar capability)


• JIMS (Joint Incident Management System)


• HBSS (Host Based Security Systems),


• TCP (Transmission Control Protocol) Dump


• Attack, Sensing, & Warning Sensors (Snort, Full Packet Capture (PCAP)


• Flow data, Pipeline and Super Mediator)


• McAfee Intrushield IPS


• Router and firewall logs


• Syslog data, Web Proxy / Reverse Proxy logs


• SPLUNK


• Big Data Platforms


• NIKSUM and Cyber analytics applications and Netflow Data.




• Analyze, correlate and trend anomalous events and incidents to identify and characterize the threat or incident in such a manner that will:Identify the cause, source, and methodology of compromises or incident;


• Identify and recommend network configuration changes to deter the existing threat;


• Configure and fine tune detection/prevention capabilities for IDS, IPS, SIEM, and supporting devices/applications;


• Facilitate reporting and situational awareness to ARCYBER, DISA, CCMDs, and respective regional Theater Signal Commands;


• Facilitate reporting to Law enforcement and Counter-Intelligence investigation agencies;


• Update Incident Handling procedures, response guidelines, and checklists based on findings and lessons learned;


• Submit forensically sound media images to ARCYBER F&MA as directed.


• Experience reviewing and configuring Mod Security and Yara rules


• Knowledge of the Open IOC framework for consuming and integrating multiple machine readable formats of threat intelligence


• Basic knowledge of python scripting

REQUIRED SKILLS AND EXPERIENCE:

• Knowledge and minimum eight (8) years of experience in Information Assurance Systems/Network Analysis Experience with Network intrusion detection system (NIDS) software such as SNORT Experience with DoD Cyber Security (CS) guidance and regulations.


• Bachelor's Degree in a related field, preferred.


• Operating System Certifications: SNORT IDPS/IPS Training Certificate based on current market offerings.


• Training IAW PWS Requirements: IA Awareness Training CISSP-A (CEH, CFR, CSA+, GCIA, GCIH, GICSP, SCYBER)


• IAT Level II Certification


• This position requires an active Secret Security Clearance with the ability to obtain Top Secret.

THIRD PARTY AGENCIES, SUBCONTRACTORS, AND RECRUITERS NEED NOT APPLY. Applicants received from firms will not be considered. Subcontracting is not available for this position.