Information Systems Security – Senior Data Analyst - H4 Enterprises

H4 Enterprises is currently seeking the following:

POSITION SUMMARY

The Information Systems Security - Senior Data Analyst will assist the assigned Government Division Chief and assigned team leader with various IT security duties in support of the Department's information security and information assurance needs of SCI IT networks. The contractor is responsible for implementing IC policies and standards for the protection of the SCI being processed on DOS IT system.

RELATIONSHIPS

The Senior Data Analyst will receive direct government oversight, assignments, and directions from the assigned Government Office/ Program Director, through an assigned team leader.

DUTIES & RESPONSIBILITIES

Technical Expertise, Delivery, and Support

• Provides information technology (IT) security technical expertise to support the operations of the Department-wide, 24/7 security monitoring center (the Computer Security Incident Response Center) that monitors specific Departmental computer and network systems operations for insider threats
• Develops information system risk-management alternatives and changes by applying expert judgement and ingenuity and interpreting information
• Provides recommendations or makes decisions, which impact insider threat/continuous monitoring policies and programs
• Follows operational processes and procedures to appropriately analyze, escalate, and assist in remediation of critical information security incidents
• Conducts low-level programming and design of more complex features using best practices for development and ensuring effective application across the enterprise
• Provides full characterization of information system security environments, including system connectivity, in terms of administration, technical, and organizational factors converting continuous monitoring techniques and methods, and develops risk management alternatives for securing environmental requirements and problems
• Provides comprehensive technical reports based on analytical findings
• Advises management of assessed problems relating to ongoing insider threats to organizational information security activities and of enterprise computer security incident response procedures
• Conducts security alert event configuration and management
• Tests new systems compatibility to enable application optimizations system monitoring and analysis
• Plans and conducts security accreditation reviews for initial installation of systems and networks using such capabilities as vulnerability and network analysis, VoIP and wireless network analysis, and insider threat analysis
• Monitors and evaluates a system's compliance with Information Technology security requirements in accordance with ICD 502/503, ICS 500-27, CNSSI 1253 and the NIST 800-53 security controls
• Documents a system's compliance in accordance with above directives, instructions and per the Federal Information Security Modernization Act (FISMA)
• Assists in the management of enterprise computer network defense systems
• Participates in interagency working groups and committees
• Conducts liaison with other Government agencies and/or public/private companies

Threat Monitoring and Analysis

• Provides knowledgeable and capable support to ensure complete and comprehensive monitoring of user activity on classified network to detect activity indicative of insider threat behavior
• Continuously monitors via multiple security technologies such as IDS/IPS, syslog, file integrity, and vulnerably scanners
• Designs, implements tuning, and uses ArcSight SIEM tool to detect IT security incidents
• Provides investigative support to the Insider Threat Program via network based forensic applications and other investigative duties
  • Implements standard operating procedures to aggregate internal and third-party data sets to achieve and maintain compliance with E.O. 13587 and applicable Intelligence Community (IC) Directives and Standards
• Conducts event analysis on captured user, computer, communication, and network security events using a suite of security tools and system security features to determine security vulnerabilities, policy violations, malicious behavior, and/or conduct security incident analysis
• Performs insider threat network and host continuous monitoring, traffic analysis, and intrusion detection for possible means of compromise
• Performs in-depth analyses including log analysis, behavior analysis, trend analysis, pattern analysis, and other specialized analyses to determine trends, patterns, and suspicious activity
• Conducts regular event analysis searching for and extracting information, and incident response from suite of security tools and system security features (HBSS, IDS, Insider Threat, Anti-Virus, Firewall, System Security Logs and events, etc.
• Uses defense measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network to protect information, information systems, and networks from threats
• Configures and monitors intrusion detection systems, reading, interpreting, and analyzing network traffic and related log files

PROFESSIONAL QUALIFICATIONS & SKILLS

• Citizenship
  • Citizenship required
• Education
  • Bachelor's degree in an Information Technology (IT) field
• Experience
  • Eight (8) years of related IT experience
    • 4 years of experience must be in data analysis, incident handling, electronic data discovery, and/or other projects related to network protection
    • 2 years of experience must be in systems security to include analysis of technical information to provide threat indicators and trends
    • Allowable substitutions of education and experience - minimum education and experience will be met when the equivalencies below are considered
      • Actual: D. à 6 years of experience credited
      • Actual: MA/MS à 2 years of experience credited
    • Additional experience more than requirements can be substituted for educational requirement
      • Actual: HS/GED à 5 years of experience more needed
      • Actual: Tech-Inst à 4 years of experience more needed
      • Actual: Military Training à 4 years of experience more needed
      • Actual: AA/AS à 3 years of experience more needed
    • Current CISSP, CRISC, CISM, CISA, CEH, or DoD 8570 IAM III equivalent certifications
    • Preferred: Department of State experience
    • Preferred Certifications:
      • Certified Information Systems Security Professional (CISSP)
      • ArcSight Certified Integrator/Administrator (ACIA)
      • ArcSight Certified Security Analyst (ACSA)
      • Microsoft Certified Systems Engineer (MCSE)
      • Microsoft Certified IT Professional (MCITP)
      • GIAC Certified Incident Handler (GCIH)
      • Certified Ethical Hacker (CEH)
      • Comp TIA Security+
      • SANS GIAC GCIA
      • Intrusion Analyst Certification or Forensics Analyst Certification
      • Certified Authorization Professional (CAP)
      • Microsoft Certified Solutions Associate (MCSA)
      • Microsoft Technology Associate (MTA)
    • Proficient with information system vulnerability assessment and analysis
    • Proficient with incident handling and electronic data discovery
    • Skilled in the correlation and analysis of events, designing, implementing, tuning, and using the ArcSight Security Information and Event Management (SIEM) tool to detect IT security incidents
    • Proficient in configuring and monitoring Intrusion Detection Systems (IDS) and reading, interpreting, and analyzing network traffic and related log files
    • Experience establishing or maintaining network software parameters used for insider threat analysis, g., ArcSight security authorization tables, configuration definitions, file access tables
    • Proficient detecting malicious insider threat activity
    • Experience analyzing and reporting information technology (IT) security alerts
    • Experience analyzing IDS alerts, system logs, and/or SQL and data warehousing
    • Skilled with Microsoft Windows operating environment and administration
    • Experience documenting threat reports, assessments, and briefings

CLEARANCE REQUIREMENT

Position will be subject to a U.S. Government Security Investigation. Incumbent must possess or obtain/maintain minimum a TOP SECRET clearance with ability to obtain/maintain special access requirements (SCI).

PLACE OF PERFORMACE

Primarily, the work will take place at a designated Department of State Location in the National Capital Region.

This position is telework eligible and may be authorized in accordance with OPM and DS policy, only with the approval of the assigned Government Office/ Program Director.

EEO Statement

H4 Enterprises, LLC does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factor.