Information Assurance/Security Specialist Senior (Lead)

Clearance Level
None
Category
Information Security
Location
Germantown, Maryland

REQ#: RQ87088

Travel Required: Less than 10%
Public Trust: Other
Requisition Type: Regular

GDIT is seeking an Information Security Analyst Senior (Lead) to join our team supporting the U.S. Department of Energy’s (DOE) Office of the Chief Financial Officer (OCFO), Office of Corporate Information Systems to provide Operations and Maintenance (O&M) Support Services of their Corporate Business Systems (CBSOM). As a the Senior Information Security Analyst, you will lead a small team providing cyber security and vulnerability management support for a suite of DOE business applications. You will support DOE’s Corporate Business Systems, used by over 14,000 users to fulfill the agency’s mission to promote energy independence, progress scientific research, and protect the nation through nuclear security.   You will be part of a 60+ person team supporting DOE on multiple task orders under our Blanket Purchase Agreement (BPA). Services on this single award BPA with a Period of Performance through early 2028 will be performed at the DOE office located at 20300 Century Boulevard, Germantown, MD, 20874. (Currently remote due to COVID-19).   For more information about the Department of Energy’s Office of Corporate Business Systems mission and functions, go to https://www.energy.gov/cfo/services/corporate-information-systems

Duties and responsibilities will include, but are not limited to:

  • Analyzes and determines information needs and elements, data relationships and attributes, data flow and storage requirements, and data output and reporting capabilities
  • Develops data modeling and participates in data acquisition and access analysis and design, and archive, recovery, and load strategy design and implementation
  • Serves as the Cyber Security technical lead
  • Assists in developing security/IA policies, procedures and standards. 
  • Responsibilities include working with the customer to minimize risks and assess and secure networks.
  • Leverage experience in cloud platforms and technologies including cyber security, information assurance, network security, computer information systems, computer science, or management information systems.
  • Work with Risk Management Framework (RMF), STIGs, and IA Controls to apply and evaluate the security of DOE business applications
  • Evaluate the security of common network services (DNS, web, mail, FTP, etc.), network vulnerabilities, and network attack patterns as they relate to the in-scope business application.
  • Identify data patterns, provide metrics, diagnose problems and provide intelligence for business operations by using tools such as SPLUNK, DBProtect, and Burp-Suite
  • Leverage Security Information and Event Management (SIEM) systems and ITIL methodology and processes in the delivery of cyber-security services.
  • Execute and interpret vulnerability scans, and collaborate with system owners to address vulnerabilities
  • Performs upgrades and maintenance of vulnerability scanning infrastructure
  • Collaborate with database and application teams to manage and support Plans of Actions and Milestones (POAM) remediation
  • Apply diagnostic techniques to identify problems, investigate causes, and recommend solutions.
  • Ensure the team’s work products are properly documented in the ITSM ticketing system
  • Collaborate with Task Order Management to remediate performance concerns and drive continual service improvement initiatives
  • Maintain current knowledge of relevant technology as assigned
  • May provide guidance and work leadership to less-experienced analysts.
  • May serve as a mentor to less experienced analysts.

Minimum Requirements:

  • Bachelor’s degree in Computer Science, Information Systems, Software Engineering, Business, or other related discipline with 8 years of increasingly responsible and relevant experience in defining security requirements.  Without a degree at least 10 years of relevant experience is required.
  • 6+ years of hands-on cybersecurity experience, including architecture and penetration testing, firewalls, encryption, security monitoring, event and anomaly analysis and intrusion detection/prevention.
  • 3+ years of hands-on experience with Burp suite vulnerability scans and penetration testing or related experience
  • 3+ years of hands-on experience with Trustwave DB Protect or related experience
  • Understanding of common hacking techniques (e.g., malware, etc.) and effective counter measures.
  • Experience in Microsoft and Linux including Red Hat web server platforms
  • Experience with Oracle and Microsoft SQL Server databases and their security configurations
  • Good team player, able to manage multiple assignments, and adapt to changing client needs
  • Must be able to obtain and maintain a DOE Clearance and successfully pass a thorough Government background screening process requiring the completion of detailed forms and fingerprinting
  • US Citizenship

Desired Qualifications:

  • ITIL v3 or v4 certification
  • Experience with ServiceNow for incident management, problem management, and service request management
  • Experience with Anti-Virus, Intrusion Detection/Protection Systems, Firewalls, Active Directory, Vulnerability Assessment tools and other security tools found in large network environments.
  • Cybersecurity certifications (e.g. CISSP, CISA, CISM, CCSP, GCIH, GCIA, GSEC, OSCP, CHFI, CEH)
  • Experience with technologies, including Active Directory, Windows Administration, scripting, and Windows configuration techniques
  • Azure or AWS cloud application experience
  • Previous Department of Energy experience.

WHAT GDIT CAN OFFER YOU:

  • Full-flex work week
  • 401K with company match
  • Internal mobility team dedicated to helping you own your career
  • Collaborative teams of highly motivated critical thinkers and innovators
  • Ability to make a real impact on the world around you

Not sure this job’s the one for you? Check out our other openings at gdit.com/careers.

Do you have a friend or colleague this posting describes? Let them know about the opportunity by clicking “Share.”

#GDITPriority

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.