Senior Information Systems Security Analyst

  • WASHINGTON, DC
  • Posted 53 days ago | Updated 8 hours ago

Overview

On Site
USD 125,001.00 - 135,000.00 per year
Full Time

Skills

Information system security
NIST SP 800 Series
NIST 800-53
Web application security
Information systems
IT security
IT management
Risk assessment
Security policy
IT governance
Status reports
Security+
Security controls
Microsoft Office
Risk management
Cloud security
Google Cloud
Network security
Intrusion detection
Operating systems
Security analysis
Vulnerability scanning
Penetration testing
White hat
Event management
Log analysis
Customer service
Problem solving
Information Technology
Systems engineering
Cyber security
Security clearance
Regulatory Compliance
Management
Privacy
Documentation
Policies
Computer hardware
C
CISSP
CISM
Microsoft Azure
Cisco
Oracle
OMB
National Institute of Standards and Technology
FISMA
OWASP
Cloud computing
Amazon Web Services
SAP GRC
EMC RSA Archer
eMASS
CSAM
XACTA
Firewall
IDS
IPS
Virtual private network
Network
Microsoft Windows
Linux
Unix
Encryption
SSL
TLS
RSA
SIEM
Fluency
English
Communication
Doctrine
Analytical skill
SAP BASIS
FOCUS

Job Details

Job ID: 2405701

Location: WASHINGTON, DC, US

Date Posted: 2024-04-19

Category: Cyber

Subcategory: Cybersecurity Spec

Schedule: Full-time

Shift: Day Job

Travel: No

Minimum Clearance Required: None

Clearance Level Must Be Able to Obtain: Public Trust

Potential for Remote Work: No

Description

SAIC is looking for a Senior Information Systems Security Analyst to join our team supporting an important US government agency in the National Capital Region. This is an exciting opportunity to work with a team responsible for IT Security Risk and Compliance support by providing direct support to the Information System Security and Privacy Officer (ISSPO) in managing and documenting the ongoing security posture of the agency. The Senior Information Systems Security Analyst will support IT management with control assessment, development, and maintenance, and risk assessment and response development. Specifically, this job requires the following:
  • Develop and maintain IT security controls per NIST SP 800-53 and Agency Security Policy standards.
  • Collect and validate control implementation statements from subject matter experts.
  • Consult with experts to ensure work instructions align with agency security standards.
  • Conduct risk assessments for security issues and propose resolutions.
  • Document and communicate control deficiencies for POA&M consideration.
  • Support Continuous Security Monitoring for compliance with agency Security Policy
  • Assist in developing security policies, ensuring compliance, and updating documentation.
  • Conduct security reviews for changes impacting hardware, software, baselines, connections, or applications .
  • Review and assess POA&M outputs, recommending additional work or closure.
  • Support IT Governance, Risk, and Compliance activities, including standards management.
  • Provide information for status reports, briefings, schedules, and project plans in written and oral form.


This role requires on site work in Washington, D.C. 2 days per week.

Qualifications

EDUCATION & EXPERIENCE:
  • Undergraduate degree with nine years or Graduate degree with seven years of IT control or IT security experience in a technical environment with a variety of IT systems.
  • One or more current Security certifications (CISSP, CISM, Security+).
  • Experience serving in an information system engineer/administrator role implementing security controls.


REQUIRED SKILLS:
  • A solid understanding of IT security controls, tools, and concepts.
  • Experience working in a technical environment with IT platforms such as Microsoft Office 365, Azure, Cisco, Oracle, etc.
  • Understanding of OMB M-22-09 and EO 14028
  • Experience with NIST Risk Management and Cybersecurity Framework, FISMA, NIST 800-53, and IT control processes.
  • Experience implementing security measures within information systems engineering projects.
  • Understanding of web application security concepts, such as OWASP Top 10 vulnerabilities.
  • Knowledge of cloud security principles and best practices, particularly for major cloud platforms like AWS, Azure, or Google Cloud.
  • Familiarity with GRC frameworks/tools (Archer, eMASS, CSAM) and SA&A tools (Xacta).
  • Knowledge of cyber-attack patterns, Tactics, Techniques, and Procedures.
  • Ability to adapt security processes/tools to evolving landscapes and risk scenarios.
  • Proficiency in network security principles, including firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and secure network architectures.
  • Strong understanding of operating systems (e.g., Windows, Linux/Unix) and their security features and vulnerabilities.
  • Knowledge of encryption protocols and techniques, such as SSL/TLS, AES, RSA, etc.
  • Familiarity with security assessment tools and techniques, including vulnerability scanning, penetration testing, and ethical hacking.
  • Experience with security information and event management (SIEM) systems for log analysis and threat detection.
  • Fluency in spoken/written English for technical content, with strong communication skills.
  • Experience producing high-quality deliverables with minimal edits, quick review, and feedback on federal security doctrine.
  • Ability to thrive in a fast-paced environment, outstanding customer service skills.
  • Ability to document processes, explain complex policies in simple terms.
  • Familiarity with latest IT trends, security standards, excellent analytical thinking, and problem-solving skills.


Candidates for consideration must be eligible to obtain and maintain a Public Trust clearance.

Target salary range: $125,001 - $135,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.

SAIC accepts applications on an ongoing basis and there is no deadline.

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.


About SAIC