GovernmentCIO is looking for a Senior Security Analyst to join our team supporting the Department of Labor.
The Security Analyst provides expert advice on IT security-related issues. Review IT security documentation,
policies, procedures, guidelines, System Security Plans, Risk Assessment, and deliver work plans. Prepare security
documentation for the ETA internal website. Test security technical controls systems/applications. Assess and document security impact for ETA information systems. Oversee and establish security awareness and role-based training for agency employees. Draft the IT security procedures for the Operations and Applications Divisions.
Assist with ensuring all ETA systems have in place effective, quality security documentation, including: a
qualitative/quantitative risk assessment and e-authentication risk assessments; current and effective IT security plans
that accurately reflect system status (audit the systems) and rules of behavior, annual system self-assessments, FIPS
199 security categorizations, personally identifiable information screening forms, privacy impact assessment,
incident response plan, configuration management plan, system interconnection agreements/memorandum of
understandings, quarterly plan of action and milestones, annual system inventories, current and tested incident
response/contingency/disaster recovery plans, and current certification and accreditation. Provide support for the
installation, upgrades, configuration changes, and monitoring of network security systems (e.g., firewalls, email,
spam filtering appliances, web proxies, router ACLs, and network-based intrusion detection systems). Perform
quarterly security controls tests and evaluations for ETA information systems and applications. Perform user
account reviews (e.g., recertification of system accounts). Troubleshoot network security issues. Prepare responses
to data calls. Work closely with the operations, application, and configuration management/quality assurance teams
to identify & mitigate network intrusion attacks. Perform technical vulnerability assessments and conduct
penetration tests. Engage in intrusion detection and prevention activities for IT systems. Lead efforts for
investigating, reporting, and responding to computer security incidents. Disseminates patches and conducts reviews
and research for security products, technologies, and services. Evaluates, tests, and configures security products.
Research IT security issues for low or no cost security training solutions. Composes, writes, and edits a variety of IT
security documents. Ensures a central depository is maintained for IT security documentation and files. Also, assists
in gathering information and documents for Freedom of Information Act requests, OIG audits, etc. Prepares
technical reports and project related documentation including test instructions and associated procedures. The
vendor shall create and maintain self-contained/self-guided IT security presentation for IT training sessions to
support ETA system users. The vendor shall track and record training participant(s) information of course(s) taken.
Maintain incident reports and logs.
o HyperText Markup Language (HTML)
o Extensible Markup Language (XML)
o Java Server Pages (JSP) or Java
o Cisco Firewall Security
o Unix OS
o MS Windows Server 2007 or higher
WebInspect and Penetration Testing…) configuration and usage.
and Technology guidance, and Office of Management and Budget mandates for IT security;
DOL/ETA IT SECURITY SERVICES
Education and Certification(s):