NETE is seeking an Information Security Analyst – Security Configuration Management who will be a key member of a consulting team providing advice and support, to federal agencies, in the areas of security configurations and management. This role will be primarily responsible for performing assessments of systems and networks, w.r.t their configurations, within the network environment to identify where those systems/networks deviate from acceptable configurations or policies, and for measuring effectiveness of defense-in-depth architecture against known/detected misconfigurations as per the federal cybersecurity standards & guidelines.
Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
Support authorized penetration testing on enterprise network assets.
Prepare reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions;
Perform vulnerability analysis of misconfigurations; Measure effectiveness of controls against known vulnerabilities
Work with stakeholders (system administrators and owners) to manage misconfigurations
Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) impact\risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, supporting infrastructure, and applications).
Identify systemic security issues based on the analysis of misconfigurations
Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
Ensure remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.; Provide clear updates to management on vulnerabilities; Investigate, document, and report on status and emerging trends
Maintain up-to-date vulnerability profiles, including respective detection and countermeasures
Participate in industry task forces and working groups where appropriate to understand current and emerging vulnerabilities to stay up to date
Location: Rockville, MD
Minimum 3 years’ experience in Information Security is required in at least 3 of the following:
Application of Vulnerability\Risk management frameworks and processesUse of vulnerability\compliance management tools; AppScan, Tenable, ForeScout etc.
Creating\improving risk management policies, procedures and operations
Participating in cross functional efforts for managing organization wide risks
Collecting, organizing, analyzing and reporting updates, alerts, advisories, and bulletins
Use of industry-standards and widely accepted analysis principles and methods
Risk management processes (e.g., methods for assessing and mitigating risk).
Cybersecurity principles, security models, organizational requirements (w.r.t. confidentiality, integrity, availability, authentication, non-repudiation), cyber threats, risks and vulnerabilities, cryptography and cryptographic key management concepts, host/network access control mechanisms (e.g., ACLs), network access, identity, & access management (e.g., PKIs), Computer networking concepts and protocols, and network security methodologies.
Ethical hacking principles, general attack stages; Specific operational impacts of cybersecurity lapses; programming language structures and logic.
Basic system administration, network, and operating system hardening techniques
Able to communicate, verbally and in writing, complex-technical issues with simplicity & clarity
Strong Interpersonal skills, excellent attention to detail and analytical skills
Able to exercise discretion and maintain confidentiality
Proficient in reporting and answering analytical questions using vulnerability (compliance) data
BA or BS degree in MIS, CS, or related cybersecurity discipline (Masters preferred)
Industry standards such as CEH, CRISC, GRCP or related GIAC (preferred but not required)
NETE is a multi-award winning company as well as offers a collaborative working environment where growth is encouraged and nurtured. In addition, we offer competitive salaries that may include performance bonuses; and a comprehensive benefits package.
NET ESOLUTIONS CORPORATION (NETE) uses E-Verify to validate all new hires' ability to legally work in the United States.
NET ESOLUTIONS CORPORATION (NETE) is an equal opportunity employer and supports workforce diversity. All qualified applicants will receive consideration for employment without regard of race, color, national origin, religion, age, sex, disability, genetic information, sexual orientation, gender identity, pregnancy, child birth or related medical condition, marital status, veteran status or any other characteristic protected by law in terms, conditions and privileges of employment.
NETE is an Employer of National Service and encourages alumni of AmeriCorps and Peace Corps to apply for positions at our organization.
Disclaimer: The above description is intended to describe the general nature of work and level of effort being performed by individual’s assigned to this position or job description. This is not to be construed as a complete or exhaustive list of all skills, responsibilities, duties, and/or assignments required. Individuals may be required to perform duties outside of their position, job description, or responsibilities as needed.