• Senior Security Analyst

    Job Locations US-DC-Washington DC
    Posted Date 3 weeks ago(5/3/2018 10:43 AM)
    Job ID
    # of Openings
    Information Technology
  • Overview

    GovernmentCIO is looking for a Senior Security Anaylst to join our team supporting the Department of Labor. 


    The Security Analyst provides expert advice on IT security related issues. Review IT security documentation,

    policies, procedures, guidelines, System Security Plans, Risk Assessment, and deliver work plans. Prepare security

    documentation for the ETA internal website. Test security technical controls systems/applications. Assess and document security impact for ETA information systems. Oversee and establish security awareness and role-based training for agency employees. Draft the IT security procedures for the Operations and Applications Divisions.

    Assist with ensuring all ETA systems have in place effective, quality security documentation, including: a

    qualitative/quantitative risk assessment and e-authentication risk assessments; current and effective IT security plans

    that accurately reflect system status (audit the systems) and rules of behavior, annual system self-assessments, FIPS

    199 security categorizations, personally identifiable information screening forms, privacy impact assessment,

    incident response plan, configuration management plan, system interconnection agreements/memorandum of

    understandings, quarterly plan of action and milestones, annual system inventories, current and tested incident

    response/contingency/disaster recovery plans, and current certification and accreditation. Provide support for the

    installation, upgrades, configuration changes, and monitoring of network security systems (e.g., firewalls, email,

    spam filtering appliances, web proxies, router ACLs, and network based intrusion detection systems. Perform

    quarterly security controls tests and evaluations for ETA information systems and applications. Perform user

    account reviews (e.g., recertification of system accounts). Troubleshoot network security issues. Prepare responses

    to data calls. Work closely with the operations, application, and configuration management/quality assurance teams

    to identify & mitigate network intrusion attacks. Performs technical vulnerability assessments and conduct

    penetration tests. Engage in intrusion detection and prevention activities for IT systems. Lead efforts for

    investigating, reporting, and responding to computer security incidents. Disseminates patches and conducts reviews

    and research for security products, technologies, and services. Evaluates, tests, and configures security products.

    Research IT security issues for low or no cost security training solutions. Composes, writes, and edits a variety IT

    security documents. Ensures a central depository is maintained for IT security documentation and files. Also, assists

    in gathering information and documents for Freedom of Information Act requests, OIG audits, etc. Prepares

    technical reports and project related documentation including test instructions and associated procedures. The

    vendor shall create and maintain self-contained/self-guided IT security presentation for IT training sessions to

    support ETA system users. The vendor shall track and record training participant(s) information of course(s) taken.

    Maintain incident reports and logs.



    • Must undergo and successfully attain MBI security investigation prior to coming on-site.
    • A minimum of 8 years’ experience with IT Security activities of similar scope, complexity and responsibility
    • Strong analytical and problem solving skills
    • Strong organization and time management skills
    • Working knowledge of the (SDLCM).
    • Excellent listening, presentation, and interpersonal skills
    • Excellent verbal and written communication skills 


    • Five years of experience with network architectures, software architectures, or software systemsdevelopment.
    • Experience with the following (preferred):

    o JavaScript

    o Hyper Text Machine Language (HTML)

    o Extensible Markup Language (XML)

    o Java Server Pages (JSP) or Java

    • A minimum of five years hands-on experience with:

    o Cisco Firewall Security

    o VMware

    o Unix OS

    o MS Windows Server 2007 or higher

    • Five or more years of hands-on experience in the security tools (Network Scanning, CSAM,

    WebInspect and Penetration Testing…) configuration and usage.

    • Five or more years of experience with using MS Word, Excel, PowerPoint, HTML, and

    Adobe products.

    • Familiar with a variety of the IT security field’s concepts, practices, policies, and procedures.
    • Knowledge and expertise with government regulations, laws, National Institute of Standards

    and Technology guidance, and Office of Management and Budget mandates for IT security;

    • Familiarity with Remedy V7 or later
    • Working knowledge of the SDLCM.

    RFP# 1605DC-18-R-00008/0003



    • Strong knowledge base in the principles and the effective usage network monitoring tools
    • Structured documentation techniques or other industry-wide standards
    • Excellent verbal and presentation skills. Technical writing skill


    Education and Certification(s):

    • Master’s Degree in Computer Science, Information Management (IM), Information Technology, Engineering, or equivalent with 10 years of technical experience, 8 years’ experience in specialty discipline at senior levels preferred or a BS Computer Science, Information Management (IM),Information Technology, Engineering, or equivalent and 12 years with 8 years at senior levels
    • Certified Information Systems Security Professional (CISSP) or Certified FISMA Compliance Practitioner (CFCP) REQUIRED 


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed