Job Description :
Security Analyst 3. Need Active Secret clearance.
Location Washington, DC 20004, USA
The qualified applicant will become part of the Department of Justice (DOJ), Cyber Security Support staff performing Cyber Security Analysis for DOJ, which includes:
Develop and coordinate all authorization documentation associated with the DOJ processes including the Systems Categorization, Systems Security Plan, and Systems risk assessment
Act on the behalf of the Information System Security Officer (ISSO) to the supported component
Support the control assessment, reporting and monitoring processes using the Cyber Security and Assessment Management (CSAM) system
Assist the component with staying on track with Core Controls and A-123 control assessment schedules
Working with components to ensure each Risk Based Decisions (RBD’s) has a current Waivers.
Coordinate with CSS Customer Liaison support, including status of the process and POA&Ms.
Support and document security controls tests, assist in remediation and ensure that POA&Ms are being appropriately managed.
Develop or update the Business Continuity and Contingency Plan for the component.
Assist the components with decisions that affect security of their systems and networks.
Facilitate preparations for the tri-annual Security Assessment and Authorization (SA&A) componet''s Information System.
Conduct assessments of information systems security requirements, evaluate current security posture and recommend priorities for remediation.
Review information system infrastructure and application architecture to assess security requirements
Review existing SA&A documentation, Security Assessment Report and security infrastructure (i.e. IDS, firewalls, vulnerability scan tools, etc
Assess NIST 800-53, Rev 4. Controls and document results in DOJ CSAM repository.
Evaluate and strengthen standard SA&A Documentation
Performing and documenting risk assessments, analyzing security vulnerabilities, and the metrics to measure the risks associated with those vulnerabilities;
Based on the risk profile of the analyzed systems, development and documentation of a Plan of Action and Milestones (POA&M) for mitigating those risks;
Design and development of comprehensive Systems Security Plan, covering at a high level the infrastructure, policies and procedures which define the systems security profile for the analyzed systems;
Development of Systems Security Users Guides specific to selected networks, desktop computers, servers and data base systems;
Design, development, and validation of System Test and Evaluation (ST&E) reviews for new and/or legacy systems.
Review and conduct NIST-based Self Assessments, identifying any weaknesses which need to be addressed, and developing a POA&M for each of those weaknesses based on industry best practices.
Design and development of Initial Privacy Assessment (IPA) and Privacy Impact Assessments (PIAs) for each major Federal Government IT Systems
Developing and conducting System Test and Evaluations (ST&Es) and Independent Verification and Validation (IV&Vs) of the security profiles of Federal Government IT Systems
Conducting OMB A-123 security assessments of Federal Government IT Systems.
Design, engineer, configure and administer Splunk content
Assist in the proper operation and performance of Splunk, Loggers and connectors
Integration of data feeds (logs) into Splunk. Perform Content Development to properly identify data feeding SIEM’s and correlation of events. Develop filters to assist in the identification of significant events
Provide recommendations and implement changes to optimize Splunk products in the customer environment • Write and develop custom scripts, programs as needed
Provides strategic support of Splunk integration and deployment, configuration and maintenance
Must understand, interpret and develop content for SIEM products to meet internal and external customer requirements
Will coordinate with other organizations (SOC/JSOC) and assist with advanced issue resolution across the enterprise
Design, engineer, configure and administer Splunk content
Assist in the proper operation and performance of Splunk, Loggers and connectors
Integration of data feeds (logs) into Splunk. Perform Content Development to properly identify data feeding SIEM’s and correlation of events. Develop filters to assist in the identification of significant events
Provide recommendations and implement changes to optimize Splunk products in the customer environment • Write and develop custom scripts, programs as needed
Provides strategic support of Splunk integration and deployment, configuration and maintenance
Must understand, interpret and develop content for SIEM products to meet internal and external customer requirements
Will coordinate with other organizations (SOC/JSOC) and assist with advanced issue resolution across the enterprise
Minimum qualifications:
8 years’ experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful certification and accreditation or security authorization of such systems.
8 years’ experience assessing and enhancing IT systems security policies and procedures in response to the regulatory requirements associated with Federal and International standards.
8 years IT Security experience with extensive knowledge in security regulations and security assessments having developed numerous security C&A (or SA&A) and ATO on a range of systems including classified systems • Strong working knowledge with NIST Special Publications and the NIST SP 800-37 SA using CSAM system
Strong working knowledge working with software packages: DBProtect, Splunk, Tenable PVS and LCE
Experience with the use of the DOJ CSAM application.
Preferred Qualifications:
12 Years experience and a Bachelors in Science in Information Technology or Cyber Security
Certified Information Systems Security Professional (CISSP) - maintained and current
Certified Information Security Manager (CISM) - maintained and current
Experience conducting FISCAM-based security audits of Federal Government IT Systems.
Experience with DISA STIG configuration requirements
Certified Information Systems Auditor (CISA) certification - maintained and current.
Certified Authorization Professional (CAP) - maintained and current
Experience with Department of Justice information systems.
Experience with the use of the DOJ CSAM application.
Security Tool experience (e.g. Splunk, FoundStone, Nessus/Tenable, DBProtect, AppDetective, Tivoli/BigFix, Sharepoint, Guardium, WebInspect