System Security Analyst

CODE Plus, Inc.
Oak Ridge, TN
Full-time

Profile insights

Find out how your skills align with the job description

Licenses

Do you have a valid Top Secret Clearance license?

Skills

Do you have experience in Tableau?

Education

Do you have a Master's degree?

Job details

Here’s how the job details align with your profile.

Job type

  • Full-time

Shift and schedule

  • 8 hour shift

Location

Oak Ridge, TN

Benefits
Pulled from the full job description

  • 401(k)
  • Dental insurance
  • Health insurance

Full job description

CODE Plus, Inc., an IT government contractor, located in Fairfax Virginia with 29 years of experience within the Federal Agencies and Local government space is seeking a Systems Security Analyst Responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security.

Responsibilities

  • Apply security policies to B2B applications and meet system security objectives.
  • Implement service-oriented security architecture principles.
  • Conduct security reviews of ICS and SCADA, identifying gaps and developing risk management plans.
  • Document security operations and maintenance activities.
  • Ensure timely application of security patches and cybersecurity-enabled products.
  • Implement cybersecurity countermeasures and conduct testing.
  • Assess and monitor security controls, configuration management, and access controls.
  • Provide guidance to leadership and contribute to the Risk Management Framework process.
  • Verify and update security documentation and analyze security posture trends.
  • Mitigate security deficiencies, assess system implementation practices, and ensure minimum security requirements.
  • Collaborate with stakeholders to resolve security incidents and provide input for contingency and continuity plans.

Required Skill and Knowledge

  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of Industrial Control System/Supervisory Control and Data Acquisition System threats, vulnerabilities, security controls and methods.
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Knowledge of cryptography and cryptographic key management concepts
  • Knowledge of installation, integration, and optimization of system components.
  • Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
  • Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, nonrepudiation).
  • Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • Knowledge of the systems engineering process.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • Knowledge of Personally Identifiable Information (PII) data security standards.
  • Knowledge of information technology (IT) risk management policies, requirements, and procedures.
  • Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
  • Knowledge of developing and applying user credential management system.
  • Knowledge of implementing enterprise key escrow systems to support data-at-rest Knowledge of an organization's information classification program and procedures for Knowledge of countermeasure design for identified security risks.
  • Knowledge of how to use network analysis tools to identify vulnerabilities.
  • Skill in designing the integration of hardware and software solutions.
  • Skill in developing and applying security system access controls.
  • Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning).
  • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, nonrepudiation)

Qualifications

  • PhD in a Technical field and 2-5 years of related experience or a Masters in a technical field and 10 or more years of related experience.
  • Senior level experience in Security Information and Event Management (SIEM)
  • Q* or Top Secret Clearance*

Job Type: Full-time

Benefits:

  • 401(k)
  • Dental insurance
  • Health insurance

Experience level:

  • 2 years
  • 5 years

Schedule:

  • 8 hour shift

Security clearance:

  • Top Secret (Required)

Ability to Relocate:

  • Oak Ridge, TN: Relocate before starting work (Required)

Work Location: In person

If you require alternative methods of application or screening, you must approach the employer directly to request this as Indeed is not responsible for the employer's application process.