CyberSecurity Policy Advisor

GDIT is looking for an Cyber Security Policy Advisor that holds TS/SCI with Poly clearance for a position located in Annapolis Junction , MD.

The CyberSecurity Policy Advisor supports our companies Information Systems Security team by focusing on system reauthorization (ATO) in addition to directing response to escalated alerts and monitoring impacting security postures for more than 105 systems security plans for the program. This position conducts  in-depth analyses for continuous assessment of configuration compliance in accordance with agency policy. Identifies trends and deviations from standardized configurations for security to include security baseline, security hardening,  McAfee alerts, Tenable Nessus/ACAS scan reviews and privileged access management.    

Focus on security event management, vulnerability management, proactive threat mitigation. Conducts risk and vulnerability assessment at the network, system and application level. Supports and implements security controls and formulates operational risk mitigation along with assisting in security awareness programs. Involved in a wide range of security compliance for Secure The Enterprise (STE), Command Cyber Readiness Inspection (CCRI), intrusion detection, McAfee/Palo Alto, Web blocks, Two Stage Administrative Access Control (TSAC), Privileged access management and software mitigation, Nessus and SCCM. Researches, evaluates and recommends new security tools, techniques, and technologies in alignment with contract obligations for new technology insertions. Audits and manages security alerts for identity and access management. Prepares security reports for internal and external review. Analyst may be required to support contract report deliverable for security related programs in conjunction with SOC operational support.

Key responsibilities:

• Develops and updates procedures, and configure tools for Monitoring Analysts consumption

•  Escalates cyber security events according to our companies playbook and standard operation procedures (SOPs)

• Performs additional analysis of escalations from Monitoring Analysts and conduct case review

•  Assists with containment of threats and remediation of environment during or after an incident

• Escalates high or critical severity level incidents to Incident Investigators

• Consumes threat intelligence and disseminate findings to relevant parties

• Conducts hunting activities based on internal and external threat intelligence

•  Performs triage of service requests from customers and internal teams

​Position Requirements:

• BA/BS plus 8 years of relevant experience or equivalent combination of education and experience

• Active TS/SCI with current Polygraph

• 8570 IAT II Security certifications (e.g. Security+, Network+, CE|H, CySa etc)

​​Required Experience and Skills:

• Experience using event escalation and reporting procedures

• Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly

• General Understanding of TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB

• Knowledge of how common protocols and applications work

• Knowledge of how the Windows file systems and registry function

• preferred not required experience managing cases with enterprise SIEM systems (Splunk)/Service Now

• Experience with network monitoring in a SOC environment

• 7 am to 3 pm

Preferred Experience and Skills:

• BA/BS in Engineering, Computer Science, Information Security, or Information Systems or related work experience preferred

• Experience with Splunk, Netbrain and McAfee, Palo Alto security products

• Experience conducting packet and log file analysis

• Experience supporting incident investigations

• Experience working in a 24/7 SOC environment

CWIP - IAT level II Compliance:

Persons provide network environment (NE) and advance level compute environment (CE) support. Responsible for finding and fixing unprotected vulnerabilities and ensuring that remote access points are well secured. Focuses on threats and vulnerabilities and improving the security of systems. Demonstrates a mastery of the functions of the IAT Level I position. Monitors, tests and troubleshoots hardware and software IA problems pertaining to the network environment. Recommends and schedules IA related repairs to include performing IA related customer support functions such as installation, configuration, troubleshooting, customer assistance, in response to customer requirements for the network environment (NE). Analyzes patterns of non-compliance and identifies vulnerabilities resulting from a departure from the implementation plan or that were not apparent during testing. Provides leadership and direction to IA operations personnel. Implement applicable patches including IAVAs, and IAVBs for their environment.  (Reference: Policy 6-34) for Cyber Workforce Improvement Plan (CWIP).

#AnnapolisJunctionjobs

#cjpost

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.