TJFACT, a Department of State contractor, is currently seeking to hire an INFORMATION SYSTEMS SECURITY - SENIOR DATA ANALYST, CONTINUOUS MONITORING to support DoS Rosslyn operations.
*All applicants must have a Top Secret Clearance.*
Shifts are 1445 – 2330 and 2230 – 0715 hours
The individual in this position must be familiar with the following:
1) Information system vulnerability assessment and analysis
2) Incident handling and electronic data discovery
3) Experience in the correlation and analysis of events, designing, implementing, tuning, and using the ArcSight Security Information and Event Management (SIEM) tool to detect IT security incidents.
4) Configuring and monitoring Intrusion Detection Systems (IDS) and read, interpret and analyze network traffic and related log files
5) Establishing or maintaining network software parameters used for insider threat analysis; e.g., ArcSight security authorization tables, configuration definitions, file access tables.
6) Experience detecting malicious insider threat activity
7) Experience analyzing and reporting information technology (IT) security alerts
8) Experience analyzing IDS alerts and system logs, and/or with SQL and data warehousing
9) Experience with Microsoft Windows operating environment and administration
10) Documentation of threat reports, assessments and briefings
May be called upon to have functional knowledge or expertise in one or more of the following duties and responsibilities:
1) Security alert event configuration and management; continuous monitoring of multiple security technologies such as IDS/IPS, syslog, file integrity monitoring and vulnerability scanners; correlating and analyzing events; designing, implementing, tuning, and using the ArcSight SIEM tool to detect IT security incidents; following operational processes and procedures to appropriately analyze, escalate, and assist in remediation of critical information security incidents; testing new systems' compatibility to enable application optimization, system monitoring and analysis; and low-level programming and design of more complex features using development best practices, ensuring effective application across the enterprise
2) Insider threat network and host continuous monitoring, traffic analysis, and intrusion detection.
3) Planning and conducting security accreditation reviews for initial installation of systems and networks using such capabilities as vulnerability and network analysis, VoIP and wireless network analysis, and insider threat analysis.
4) Using defense measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
5) Conducting event analysis on captured user, computer, communication and network security events using a suite of security tools and system security features to determine security vulnerabilities, policy violations, malicious behavior and/or conduct security incident analysis.
6) Configuring and monitoring intrusion detection systems; reading interpreting and analyzing network traffic and related log files.
7) Monitoring and evaluating a system's compliance with Information Technology security requirements in accordance with ICD 502/503, ICS 500-27, CNSSI 1253 and the NIST SP 800-53 security controls.
8) Conducting regular event analysis, searching for and extracting information, and performing incident response using a suite of security tools and system security features (HBSS, IDS, insider threat tools, antivirus, firewall, system security logs and events, etc.).
9) Documenting a system's compliance in accordance with the above directives and instructions and per the Federal Information Security Management Act (FISMA).
10) Providing full characterization of information system security environments, including system connectivity, in terms of administrative, technical and organizational factors concerning continuous monitoring techniques and methods, and developing risk management alternatives for securing environmental requirements and resolving problems.
11) Providing information technology (IT) security technical expertise to support the operations of the Department-wide, 24/7 security monitoring center (the Computer Security Incident Response Center) that monitors specific Departmental computer and network systems operations for insider threats.
12) Developing information system risk-management alternatives and changes by applying expert judgment and ingenuity in interpreting information and providing recommendations or making decisions which impact insider threat/continuous monitoring policies and programs.
13) Advising management of assessed problems relating to ongoing insider threats to organizational information security activities.
14) Providing comprehensive technical reports based on analytical findings.
15) Assisting in the management of enterprise computer network defense systems.
16) Advising management of assessed problems relating to organizational information security activities, to include insider threats and computer security incident response procedures.
17) Participating in interagency working groups and committees.
18) Conducting liaison with other Government agencies and/or public/private companies.
1) A Bachelor's Degree, preferably in an Information Technology (IT) field, plus 8 years of related experience. Additional years of related experience may be substituted for a Bachelor's Degree, or additional years of education may be substituted for years of related experience. Please see the equivalencies tables below.
2) Four years of the experience must be in data analysis, incident handling, electronic data discovery, and/or other projects related to network protection.
3) Two years' experience must be in systems security, to include analysis of technical information to provide threat indicators and trends.
4) Preferred certifications:
a. Certified Information Systems Security Professional (CISSP)
b. ArcSight Certified Integrator/Administrator (ACIA)
c. ArcSight Certified Security Analyst (ACSA)
d. Microsoft Certified Systems Engineer (MCSE)
e. Microsoft Certified IT Professional (MCITP)
f. GIAC Certified Incident Handler (GCIH)
g. Certified Ethical Hacker (CEH)
h. CompTIA Security+
i. GIAC Certified Intrusion Analyst (GCIA)
j. Intrusion Analyst Certification or Forensics Analyst Certification
k. Certified Authorization Professional (CAP)
l. Microsoft Certified Solutions Associate (MCSA)
m. Microsoft Technology Associate (MTA)