Information Security Analyst - Security Configuration Management

Qualifications Minimum 3 years experience in Information Security is required in at least 3 of the following: Application of Vulnerability\Risk management frameworks and process
Full Time, Full-time
Telecommuting not available Travel not required

Job Description

NETE is seeking an Information Security Analyst – Security Configuration Management who will be a key member of a consulting team providing advice and support, to federal agencies, in the areas of security configurations and management. This role will be primarily responsible for performing assessments of systems and networks, w.r.t their configurations, within the network environment to identify where those systems/networks deviate from acceptable configurations or policies, and for measuring effectiveness of defense-in-depth architecture against known/detected misconfigurations as per the federal cybersecurity standards & guidelines.


Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
Support authorized penetration testing on enterprise network assets.
Prepare reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions;
Perform vulnerability analysis of misconfigurations; Measure effectiveness of controls against known vulnerabilities
Work with stakeholders (system administrators and owners) to manage misconfigurations
Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) impact\risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, supporting infrastructure, and applications).
Identify systemic security issues based on the analysis of misconfigurations
Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
Ensure remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.; Provide clear updates to management on vulnerabilities; Investigate, document, and report on status and emerging trends
Maintain up-to-date vulnerability profiles, including respective detection and countermeasures
Participate in industry task forces and working groups where appropriate to understand current and emerging vulnerabilities to stay up to date

Location: Rockville, MD


Minimum 3 years’ experience in Information Security is required in at least 3 of the following:

Application of Vulnerability\Risk management frameworks and processesUse of vulnerability\compliance management tools; AppScan, Tenable, ForeScout etc.
Creating\improving risk management policies, procedures and operations
Participating in cross functional efforts for managing organization wide risks
Collecting, organizing, analyzing and reporting updates, alerts, advisories, and bulletins
Use of industry-standards and widely accepted analysis principles and methods

Must know

Risk management processes (e.g., methods for assessing and mitigating risk).
Cybersecurity principles, security models, organizational requirements (w.r.t. confidentiality, integrity, availability, authentication, non-repudiation), cyber threats, risks and vulnerabilities, cryptography and cryptographic key management concepts, host/network access control mechanisms (e.g., ACLs), network access, identity, & access management (e.g., PKIs), Computer networking concepts and protocols, and network security methodologies.
Ethical hacking principles, general attack stages; Specific operational impacts of cybersecurity lapses; programming language structures and logic.
Basic system administration, network, and operating system hardening techniques

Must be

Able to communicate, verbally and in writing, complex-technical issues with simplicity & clarity
Strong Interpersonal skills, excellent attention to detail and analytical skills
Able to exercise discretion and maintain confidentiality
Proficient in reporting and answering analytical questions using vulnerability (compliance) data


BA or BS degree in MIS, CS, or related cybersecurity discipline (Masters preferred)
Industry standards such as CEH, CRISC, GRCP or related GIAC (preferred but not required)

NETE is a multi-award winning company as well as offers a collaborative working environment where growth is encouraged and nurtured. In addition, we offer competitive salaries that may include performance bonuses; and a comprehensive benefits package.

NET ESOLUTIONS CORPORATION (NETE) uses E-Verify to validate all new hires' ability to legally work in the United States.

NET ESOLUTIONS CORPORATION (NETE) is an equal opportunity employer and supports workforce diversity. All qualified applicants will receive consideration for employment without regard of race, color, national origin, religion, age, sex, disability, genetic information, sexual orientation, gender identity, pregnancy, child birth or related medical condition, marital status, veteran status or any other characteristic protected by law in terms, conditions and privileges of employment.

NETE is an Employer of National Service and encourages alumni of AmeriCorps and Peace Corps to apply for positions at our organization.

Disclaimer: The above description is intended to describe the general nature of work and level of effort being performed by individual’s assigned to this position or job description. This is not to be construed as a complete or exhaustive list of all skills, responsibilities, duties, and/or assignments required. Individuals may be required to perform duties outside of their position, job description, or responsibilities as needed.
Dice Id : 10203295
Position Id : 441
Have a Job? Post it

Similar Positions

Information Security Analyst
  • Robert Half Technology
  • Silver Spring, MD
IT Security Analyst
  • Attain
  • Washington, DC
System Security Analyst
  • VariQ Corporation
  • Washington, DC
Cyber Security
  • Saicon Consultants Inc.
  • Washington, DC
Cybersecurity Policy Analyst
  • TCG
  • Washington, DC
Information Security FISMA Analyst
  • Tetrad Digital Integrity Inc
  • Bethesda, MD
Cyber Security Analyst (Multiple Openings)
  • NetSource, Inc.
  • Washington, DC
Security Analyst (FISCAM and COBIT)
  • AETEA Information Technology Inc
  • Washington, DC
Cyber Security Analyst
  • Primastep LLC
  • Washington, DC
Information Systems Security Officer
  • Axxum Technologies LLC
  • Washington, DC
Mid-Level A&A Analyst Job
  • SAIC
  • Vienna, VA
Sr. IT Security Analyst
  • Washington Suburban Sanitary Commission
  • Laurel, MD
Cyber Security Analyst
  • Maximus, Inc.
  • Falls Church, VA
Jr/Mid Security Assessor
  • Blue Canopy Group LLC
  • Arlington, VA
Cyber Security Opportunities- All Levels
  • General Dynamics Information Technology
  • Fairfax, VA