GovernmentCIO is looking for a Junior Security Analyst to join our team supporting the Department of Labor.
The Junior Security Analyst provides expert advice on IT security-related issues. Review IT security documentation, policies, procedures, guidelines, System Security Plans, Risk Assessment, and so forth. Complete, manage, and deliver work plans.
Prepare security documentation for the ETA internal website.
Test security technical controls systems/applications.
Assess and document security impact for ETA information systems. Oversee and establish security awareness and role-based training for agency employees.
Write IT security procedures for the Operations and Applications Divisions. Assist with ensuring all ETA systems have in place effective, quality security documentation, including: a qualitative/quantitative risk assessment and e-authentication risk assessments; current and effective IT security plans that accurately reflect system status (audit the systems) and rules of behavior, annual system self-assessments, FIPS 199 security categorizations, personally identifiable information screening forms, privacy impact assessment, incident response plan, configuration management plan, system interconnection agreements/memoranda of understanding, quarterly plan of action and milestones, annual system inventories, current and tested incident response/contingency/disaster recovery plans, and current certification and accreditation.
Provide support for the installation, upgrades, configuration changes, and monitoring of network security systems (e.g., firewalls, email, spam filtering appliances, web proxies, router ACLs, and network-based intrusion detection systems). Perform quarterly security controls tests and evaluations for ETA information systems and applications.
Perform user account reviews (e.g., recertification of system accounts). Troubleshoot network security issues.
Prepare responses to data calls. Work closely with the operations, application, and configuration management/quality assurance teams to identify & mitigate network intrusion attacks.
Performs technical vulnerability assessments and conducts penetration tests.
Engage in intrusion detection and prevention activities for IT systems.
Lead efforts for investigating, reporting, and responding to computer security incidents. Disseminates patches and conducts reviews and research for security products, technologies, and services.
Evaluates, tests, and configures security products. Researches IT security issues and low or no cost security training options.
Composes, writes, and edits a variety of IT security documents.
Ensures a central depository is maintained for IT security documentation and files.
Also, assists in gathering information and documents for Freedom of Information Act requests, OIG audits, etc. Prepares technical reports and project related documentation including test instructions and associated procedures. Create self-contained/guided presentations for various IT training sessions for system users.
The vendor shall track and record training participant(s) information of course(s) enrollment and completion.
Maintain incident reports and logs.
Required Education and Certification(s):
Engineering, or equivalent with 6 years of technical experience, 6 years’ experience in specialty discipline at senior levels preferred or a BS Computer Science, Information Management (IM), Information Technology, Engineering, or equivalent and 8 years with 4 years at senior levels
o Hypertext Markup Language (HTML)
o Extensible Markup Language (XML)
o Java Server Pages (JSP) or Java
o Cisco Firewall Security
o Unix OS
o MS Windows Server 2007 or higher
Penetration Testing) configuration and usage.
and Office of Management and Budget mandates for IT security.