Sr. Security Analyst (Job Number:402570)
Description:
JOB DESCRIPTION:
This is a skilled position as a Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Professional who has an in-depth knowledge of security policy, software code checking, and hands-on configuring of security settings. This individual will conduct system security or information assurance (IA) assessments using the DIACAP, NIST Risk Management Framework (RMF), or equivalent industry process. The Engineer will ensure that software systems and mobile applications are designed, developed, and implemented according to the highest security standards and practices, including but not limited to DISA Security Technical Implementation Guides (STIGs) or NSA Security Configuration Guides. This position will analyze infrastructure, application environments, and web services from a security perspective. This position will execute threat management, vulnerability management, and breach management processes to prevent, detect, respond to, and recover from security incidents. This position provides security solutions and evaluates the impact new or updated systems have on the security infrastructure. This position participates in medium to high complexity projects impacting security, prepares reports for management, and consults with application development and infrastructure teams. This individual performs assessments through penetration testing and ethical hacking, then analyzes security risks and recommends mitigating and compensating security controls. This position works closely with development teams to embed security during the entire software development lifecycle.
Required Skills:
- Experience (5+ years) in software security with in-depth knowledge of security policy, code reviews, and hands-on configuring of security settings using standards such as Security Technical Implementation Guides (STIGs) or NSA Security Configuration Guides.
- Experience conducting assessments using either the DoD IA Certification and Accreditation Process (DIACAP) or the NIST Risk Management Framework (RMF).
- Experience in one or more of the following technologies: RSA Data Loss Prevention (DLP), HP Fortify, Protegrity Data Protection Platform, Active Directory, Lightweight Directory Access Protocol (LDAP), CA IdentityMinder, CA SiteMinder, eEye Retina and/or DISA Security Readiness Reviews (SRR).
- Knowledge of threat management, vulnerability management, and breach management processes to prevent, detect, respond to, and recover from security incidents.
- Solid knowledge and understanding of operating systems including MS Windows, UNIX, and/or Linux.
- Solid knowledge and understanding of security threats, techniques, and landscape.
- Solid knowledge and understanding of database, network, server, and/or remote connectivity security.
- Experience responding to computer security incidents or intrusions.
Desired Skills:
- Experience in Computer Network Defense (CND) technology or related field. CND technology experience includes performing assessments of systems and networks within the network environment or enclave and identifying where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
- Knowledge of the Federal Information Security Management Act (FISMA), DoD IA policy, and implementation (DoD 8500.2). Experience with collecting security artifacts and compiling DIACAP packages.
- Performed assessments through penetration testing and ethical hacking.
- Demonstrated experience programming and scripting for automation or integration.
- Demonstrated experience with application design reviews and threat modeling.
- Solid knowledge and understanding of web application security.
- Contractor shall conduct security reviews. Looks for weaknesses in system design, implementation, or operation that could be exploited. Ensures the right checks and balances are in place.
Qualifications:
TYPICAL EDUCATION AND EXPERIENCE:
Bachelor's degree or equivalent and 6+ years related experience.
SAIC Overview: SAIC is a leading provider of technical, engineering and enterprise information technology services to the U.S. government. Our 13,000 employees deliver systems engineering and information technology offerings for large, complex government programs, as well as a broad range of higher-end, differentiated technology services. The company is headquartered in McLean, Va. For more information, visit www.saic.com.
EOE AA M/F/Vet/Disability
Job Posting: Apr 11, 2014, 5:20:51 PM
Primary Location: United States-VA-FORT LEE
Clearance Level Must Currently Possess: None
Clearance Level Must Be Able to Obtain: Top Secret
Potential for Teleworking: No
Travel: None
Shift: Day Job
Schedule: Full-time