CTA3-122811 Cyber Analyst
Tuesday, 27 December 2011 13:26

Cyber Analyst, Information Assurance professionals needed. Multiple direct hire opportunities for intermediate and senior level talent.

 

Directive 63, Inc. (D.63) is seeking mid-level information assurance professionals with a minimum of five years' experience. Candidates need at least two full years of experience performing NIST SP 800-30 / NIST SP 800-39 risk assessments and applying NIST SP 800-53 security controls. Additional experience with FISMA, FIPS, and writing NIST Certification and Accreditation documents (SSP, CONOPS, Disaster Recovery Plans, Rules of Behavior, etc.).

 

The individual will perform numerous information assurance services for federal, civilian, military, law enforcement, and intelligence agencies. They will verify compliance with established security procedures and standards, identify and document vulnerabilities, and make recommendations on mitigating actions in conformance with client, NIST, OMB, and other guidelines. In addition, candidates will provide life-cycle security services including certification & accreditation (C&A), developing security architectures and solutions, performing security test and evaluations, and assisting clients in attaining their protection goals. Candidates will also assist clients with making decisions concerning information assurance requirements and security management, including incident reporting and training and awareness. Please see below for required skills, experience, and education.

 

Key responsibilities

Required Skills: Candidates must have strong analytical and organizational skills with excellent written and verbal communication skills. The candidate will be capable of working independently as well as part of a larger group under minimal/moderate supervision. A technical background such as computer science, computer engineering, traditional engineering, mathematics, or the core sciences (Chemistry, Physics, Biology, etc.) is preferred; technical skills will assist with the Information Assurance tasks. Experience with implementing and/or analyzing IT Security / Information Assurance solutions in the context of NIST publications and guidance is a plus.

  • Will be developing (writing) certification and accreditation (C&A) documentation: support services to complete required C&A activities on designated software systems. Plan of action and milestones (POA&M): support for review of select controls, using an automated self-evaluation remediation and tracking tool. Identified vulnerabilities will be reported as part of the POA&M process.
  • Generating FISMA-related documentation using Risk Management System (RMS) and Trusted Agent FISMA (TAF). Completion and update of the automated security self-evaluation and remediation tracking questionnaire regarding system controls.
  • Contingency planning / disaster recovery: draft, test, and finalize production of a contingency plan and a disaster recovery plan and procedures.
  • Contingency and disaster recovery drills: support services to complete the necessary reports for all the required activities during a contingency drill.
  • Thorough understanding of configuration management guidelines and policies as they pertain to change management and change control boards.
  • Document the framework and guidance needed to unify the existing IT security elements into a cohesive, centrally managed, responsive governance organization. Specify the IT security policies, processes and initiatives that will reinforce the governance.
  • Execute proactive reviews and projects designed to identify and remediate strategic IT risk issues
  • Actively participate in global IT risk initiatives and projects
  • Work within an investigative/digital examination environment. Ability to grasp fundamental differences between IT and evidentiary systems and mitigate requirements normally associated with IT.
  • Provide value-added advisory and consultancy services on key IT risk topics
  • Coordinate periodic vulnerability assessments, compile reports, and track completion of open issues
  • Appropriately support internal/external IT audits and responses to issues
  • Compile and assist in disseminating monthly risk dashboards to be presented to global IT council
  • Assist with development of IT risk management-related training materials and various other written reports
  • Secondary (backup) support administrator of the company's global comprehensive governance, risk and compliance solution; a central data repository and common functionality for risk assessment, reporting and issue tracking across all disciplines
  • Able to objectively assess IT systems and processes, and devise effective solutions to mitigate risk

Minimum qualifications

  • BA/BS college degree in computer science, management information systems, mathematics, engineering, or related field from an accredited institution.
  • The candidate would also be certified (or able to obtain certification), such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or equivalent / related security certification.
  • Minimum of 5+ years of professional experience in information technology risk management, information security, or related field
  • Able to objectively assess IT systems and processes, and devise effective solutions to mitigate risk
  • Solid working level knowledge of MS Office Suite
  • Familiar with COBIT, RISKIT, PCI-DSS, CRISC, ISO27001, NIST, NISPOM, federal cyber security guidelines, etc.
  • TS/SSBI

Preferred qualifications

  • Industry-recognized certification highly desirable (e.g., CISM, CISSP, CRISC, CEH)
  • IT audit experience

Professional skills

  • Excellent verbal and written communications skills
  • Ability to work independently and to manage multiple tasks/projects in a disciplined and organized fashion while maintaining attention to detail
  • Analytical problem-solving skills and ability to evaluate areas of non-compliance and associated risk implications to the business
  • Excellent teamwork and client service skills
  • Demonstrated integrity
  • Must be flexible to changing operational demands and technologies with ability to recognize/understand the risks associated with those demands and provide mitigation strategies to meet those demands.