• Junior Security Analyst

    Job Locations US-DC-Washington DC
    Posted Date 3 weeks ago(5/3/2018 11:01 AM)
    Job ID
    # of Openings
    Information Technology
  • Overview

    GovernmentCIO is looking for a Junior Security Analyst to join our team supporting the Department of Labor. 


    The Junior Security Analyst provides expert advice on IT security related issues. Review IT security documentation, policies, procedures, guidelines, System Security Plans, Risk Assessment, and so forth. Complete, manage, and

    deliver work plans.

    Prepare security documentation for the ETA internal website.

    Test security technical controls systems/applications.

    Assess and document security impact for ETA information systems. Oversee and establish

    security awareness and role-based training for agency employees.

    Write IT security procedures for the Operations and Applications Divisions. Assist with ensuring all ETA systems have in place effective, quality security documentation, including: a qualitative/quantitative risk assessment and e-authentication risk assessments; current and effective IT security plans that accurately reflect system status (audit the systems) and rules of behavior, annual system self-assessments, FIPS 199 security categorizations, personally identifiable information screening forms, privacy impact assessment, incident response plan, configuration management plan, system interconnection agreements/memorandum of understandings, quarterly plan of action and milestones, annual system inventories, current and tested incident response/contingency/disaster recovery plans, and current certification and accreditation.

    Provide support for the installation, upgrades, configuration changes, and monitoring of network security systems (e.g., firewalls, email, spam filtering appliances, web proxies, router ACLs, and network-based intrusion detection systems. Perform quarterly security controls tests and evaluations for ETA information systems and applications.

    Perform user account reviews (e.g., recertification of system accounts). Troubleshoot network security issues.

    Prepare responses to data calls. Work closely with the operations, application, and configuration management/quality assurance teams to identify & mitigate network intrusion attacks.

    Performs technical vulnerability assessments and conduct penetration tests.

    Engage in intrusion detection and prevention activities for IT systems.

    Lead efforts for investigating, reporting, and responding to computer security incidents. Disseminates patches and conducts reviews and research for security products, technologies, and services.

    Evaluates, tests, and configures security products. Researches IT security issues and low or no cost security training options.

    Composes, writes, and edits a variety IT security documents.

    Ensures a central depository is maintained for IT security documentation and files.

    Also, assists in gathering information and documents for Freedom of Information Act requests, OIG audits, etc. Prepares technical reports and project related documentation including test instructions and associated procedures. Create self-contained/guided presentations for various IT training sessions for system users.

    The vendor shall track and record training participant(s) information of course(s) enrollment and completion.

    Maintain incident reports and logs.


    Required Education and Certification(s):

    • Master’s Degree in Computer Science, Information Management (IM), Information Technology,

    Engineering, or equivalent with 6 years of technical experience, 6 years’ experience in specialty

    discipline at senior levels preferred or a BS Computer Science, Information Management (IM),

    Information Technology, Engineering, or equivalent and 8 years with 4 years at senior levels


    • CISSP or Certified FISMA Compliance Practitioner (CFCP) REQUIRED


    • Must undergo and successfully attain Minimum Background Investigation (MBI).
    • A minimum of 5 years’ experience with CM activities of similar scope, complexity and


    • Ability to communicate ideas in both technical and non-technical language
    • Strong analytical and problem-solving skills
    • Strong organization and time management skills
    • Working knowledge of the SDLCM
    • Excellent listening, presentation, and interpersonal skills
    • Excellent verbal and written communication skills 


    • Minimum of five years of experience with network architectures, software architectures, or software

    systems development.

    • Experience with the following (preferred):

    o JavaScript

    o Hyper Text Machine Language (HTML)

    o Extensible Markup Language (XML)

    o Java Server Pages (JSP) or Java

    • A minimum of five years hands-on experience with:

    o Cisco Firewall Security

    o VMware

    o Unix OS

    o MS Windows Server 2007 or higher

    • Three years or more of hands-on experience in the security tools (Network Scanning, CSAM,

    Penetration Testing) configuration and usage.

    • Three years or more of experience with using MS Word, Excel, PowerPoint, HTML, and Adobe


    • Familiar with a variety of the IT security field’s concepts, practices, policies, and procedures.
    • Familiar with government regulations, laws, National Institute of Standards and Technology guidance,

    and Office of Management and Budget mandates for IT security.

    • Familiarity with Remedy V7 or later
    • Working knowledge of the SDLCM
    • Strong knowledge base in the principles and the effective usage network monitoring tools
    • Structured documentation techniques or other industry-wide standards
    • Excellent verbal and presentation skills. Technical writing skills


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed