Information Security Analyst

The Information Security Analyst is responsible for the planning, design, and implementation of technology and procedures designed to maintain the confidentiality, availability, and integrity of the information resources, computer, and networking systems. They provide recommendations to information system owners to ensure information systems are maintained in a state of compliance with established privacy, electronic communications, information protection, and records management policies. This individual must have strong knowledge of information protection and data privacy laws and considerations. Strong understanding of the Joint Special Access Program (SAP) Implementation Guide (JSIG), and Intelligence Community Directive (ICD) requirements.

• Performs security analysis of operational and development environments, threats, vulnerabilities, and internal interfaces to define and assess compliance with accepted industry and government standards

• Ensures the rigorous application of cybersecurity policies, principles, and practices in the delivery of all Information Technology (IT) and cybersecurity services

• Uses the Risk Managed Framework (RMF) to contribute to the Authorization and Assessment (A&A) process for new and existing information systems, to include facilitating Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), Risk Acceptance Letters (RAL) and Continuous Monitoring (CONMON)

• Reviews various operating systems such as Windows and Linux for compliance with governing requirements

• Assess and document test or analysis data to show compliance with security requirements

• Direct, conduct and mitigate risk assessments and investigations; and oversee activities of incident response.

• Performs assessment of present levels of cyber security and possesses knowledge of proper cyber security practices

• Plans and schedules the installation of new or modified security hardware, operating systems, and software applications

• Ensures the assessment and implementation of identified computer and network environment fixes such as system patches and fixes associated with specific technical vulnerabilities as part of the Cybersecurity Vulnerability Management program

• Guides the implementation of appropriate operational structures and processes to ensure an effective cybersecurity program, including boundary defense, incident detection, and response

• Provide onsite incident response

• In-depth knowledge of continuous monitoring tools

Experience Requirements

• 8 years of Information Security or Cybersecurity experience

Education Requirements 

• BA/BS in Information Security/Cybersecurity or related field, or the equivalent combination of education, technical training, or work/military experience.

Certification Requirements

• DoD 8570.01 certification required – Security , or higher

Preferred Certifications

• IAT Level II certification preferred- GSEC/CySA/CASP CE

• IAT Level III certification preferred – CISSP

Security Requirements 

• Must have fully adjudicated Top Secret-SCI security clearance 

• CI/Polygraph may be required after hire

#armajobs