GDIT is seeking an Information Security Analyst Senior (Lead) to join our team supporting the U.S. Department of Energy’s (DOE) Office of the Chief Financial Officer (OCFO), Office of Corporate Information Systems to provide Operations and Maintenance (O&M) Support Services of their Corporate Business Systems (CBSOM). As a the Senior Information Security Analyst, you will lead a small team providing cyber security and vulnerability management support for a suite of DOE business applications. You will support DOE’s Corporate Business Systems, used by over 14,000 users to fulfill the agency’s mission to promote energy independence, progress scientific research, and protect the nation through nuclear security. You will be part of a 60+ person team supporting DOE on multiple task orders under our Blanket Purchase Agreement (BPA). Services on this single award BPA with a Period of Performance through early 2028 will be performed at the DOE office located at 20300 Century Boulevard, Germantown, MD, 20874. (Currently remote due to COVID-19). For more information about the Department of Energy’s Office of Corporate Business Systems mission and functions, go to https://www.energy.gov/cfo/services/corporate-information-systems.
Duties and responsibilities will include, but are not limited to:
Analyzes and determines information needs and elements, data relationships and attributes, data flow and storage requirements, and data output and reporting capabilities
Develops data modeling and participates in data acquisition and access analysis and design, and archive, recovery, and load strategy design and implementation
Serves as the Cyber Security technical lead
Assists in developing security/IA policies, procedures and standards.
Responsibilities include working with the customer to minimize risks and assess and secure networks.
Leverage experience in cloud platforms and technologies including cyber security, information assurance, network security, computer information systems, computer science, or management information systems.
Work with Risk Management Framework (RMF), STIGs, and IA Controls to apply and evaluate the security of DOE business applications
Evaluate the security of common network services (DNS, web, mail, FTP, etc.), network vulnerabilities, and network attack patterns as they relate to the in-scope business application.
Identify data patterns, provide metrics, diagnose problems and provide intelligence for business operations by using tools such as SPLUNK, DBProtect, and Burp-Suite
Leverage Security Information and Event Management (SIEM) systems and ITIL methodology and processes in the delivery of cyber-security services.
Execute and interpret vulnerability scans, and collaborate with system owners to address vulnerabilities
Performs upgrades and maintenance of vulnerability scanning infrastructure
Collaborate with database and application teams to manage and support Plans of Actions and Milestones (POAM) remediation
Apply diagnostic techniques to identify problems, investigate causes, and recommend solutions.
Ensure the team’s work products are properly documented in the ITSM ticketing system
Collaborate with Task Order Management to remediate performance concerns and drive continual service improvement initiatives
Maintain current knowledge of relevant technology as assigned
May provide guidance and work leadership to less-experienced analysts.
May serve as a mentor to less experienced analysts.
Bachelor’s degree in Computer Science, Information Systems, Software Engineering, Business, or other related discipline with 8 years of increasingly responsible and relevant experience in defining security requirements. Without a degree at least 10 years of relevant experience is required.
6+ years of hands-on cybersecurity experience, including architecture and penetration testing, firewalls, encryption, security monitoring, event and anomaly analysis and intrusion detection/prevention.
3+ years of hands-on experience with Burp suite vulnerability scans and penetration testing or related experience
3+ years of hands-on experience with Trustwave DB Protect or related experience
Understanding of common hacking techniques (e.g., malware, etc.) and effective counter measures.
Experience in Microsoft and Linux including Red Hat web server platforms
Experience with Oracle and Microsoft SQL Server databases and their security configurations
Good team player, able to manage multiple assignments, and adapt to changing client needs
Must be able to obtain and maintain a DOE Clearance and successfully pass a thorough Government background screening process requiring the completion of detailed forms and fingerprinting
ITIL v3 or v4 certification
Experience with ServiceNow for incident management, problem management, and service request management
Experience with Anti-Virus, Intrusion Detection/Protection Systems, Firewalls, Active Directory, Vulnerability Assessment tools and other security tools found in large network environments.
Experience with technologies, including Active Directory, Windows Administration, scripting, and Windows configuration techniques
Azure or AWS cloud application experience
Previous Department of Energy experience.
WHAT GDIT CAN OFFER YOU:
Full-flex work week
401K with company match
Internal mobility team dedicated to helping you own your career
Collaborative teams of highly motivated critical thinkers and innovators
Ability to make a real impact on the world around you
Not sure this job’s the one for you? Check out our other openings at gdit.com/careers.
Do you have a friend or colleague this posting describes? Let them know about the opportunity by clicking “Share.”
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.