GDIT is looking for an Information Security Analyst Advisor that holds TS/SCI with Poly clearance for a position located in Annapolis Junction , MD.
Analyst supports our companies Information Systems Security team by focusing on system reauthorization (ATO) in addition to directing response to escalated alerts and monitoring impacting security postures for more than 105 systems security plans for the program. This position conducts in-depth analyses for continuous assessment of configuration compliance in accordance with agency policy. Identifies trends and deviations from standardized configurations for security to include security baseline, security hardening, McAfee alerts, Tenable Nessus/ACAS scan reviews and privileged access management.
Focus on security event management, vulnerability management, proactive threat mitigation. Conducts risk and vulnerability assessment at the network, system and application level. Supports and implements security controls and formulates operational risk mitigation along with assisting in security awareness programs. Involved in a wide range of security compliance for Secure The Enterprise (STE), Command Cyber Readiness Inspection (CCRI), intrusion detection, McAfee/Palo Alto, Web blocks, Two Stage Administrative Access Control (TSAC), Privileged access management and software mitigation, Nessus and SCCM. Researches, evaluates and recommends new security tools, techniques, and technologies in alignment with contract obligations for new technology insertions. Audits and manages security alerts for identity and access management. Prepares security reports for internal and external review. Analyst may be required to support contract report deliverable for security related programs in conjunction with SOC operational support.
Develops and updates procedures, and configure tools for Monitoring Analysts consumption
Escalates cyber security events according to our companies playbook and standard operation procedures (SOPs)
Performs additional analysis of escalations from Monitoring Analysts and conduct case review
Assists with containment of threats and remediation of environment during or after an incident
Escalates high or critical severity level incidents to Incident Investigators
Consumes threat intelligence and disseminate findings to relevant parties
Conducts hunting activities based on internal and external threat intelligence
Performs triage of service requests from customers and internal teams
BA/BS plus 8 years of relevant experience or equivalent combination of education and experience
Experience using event escalation and reporting procedures
Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly
General Understanding of TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
Knowledge of how common protocols and applications work
Knowledge of how the Windows file systems and registry function
preferred not required experience managing cases with enterprise SIEM systems (Splunk)/Service Now
Experience with network monitoring in a SOC environment
7 am to 3 pm
Preferred Experience and Skills:
BA/BS in Engineering, Computer Science, Information Security, or Information Systems or related work experience preferred
Experience with Splunk, Netbrain and McAfee, Palo Alto security products
Experience conducting packet and log file analysis
Experience supporting incident investigations
Experience working in a 24/7 SOC environment
CWIP - IAT level II Compliance:
Persons provide network environment (NE) and advance level compute environment (CE) support. Responsible for finding and fixing unprotected vulnerabilities and ensuring that remote access points are well secured. Focuses on threats and vulnerabilities and improving the security of systems. Demonstrates a mastery of the functions of the IAT Level I position. Monitors, tests and troubleshoots hardware and software IA problems pertaining to the network environment. Recommends and schedules IA related repairs to include performing IA related customer support functions such as installation, configuration, troubleshooting, customer assistance, in response to customer requirements for the network environment (NE). Analyzes patterns of non-compliance and identifies vulnerabilities resulting from a departure from the implementation plan or that were not apparent during testing. Provides leadership and direction to IA operations personnel. Implement applicable patches including IAVAs, and IAVBs for their environment. (Reference: Policy 6-34) for Cyber Workforce Improvement Plan (CWIP).
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.