IT Security Analyst - Operations (TS)

|| THIS POSITION IS CURRENTLY BEING PIPELINED IN PREPARATION FOR THE ANTICIPATED DEMAND FOR CANDIDATES ||

Seize your opportunity to make a personal impact as an IT Security Analyst (Operations) supporting The United States Postal Service (USPS) Office of Inspector General (OIG). GDIT is your place to make meaningful contributions to challenging projects and grow a rewarding career.

At GDIT, people are our differentiator. As IT Security Analyst (Operations), you will help ensure today is safe and tomorrow is smarter. Our work depends on an IT Security Analyst (Operations) as you will have a primary focus working as a team member of the IT Security Office. This team is responsible for OIG information security policies, procedures, and services to protect the confidentiality, integrity, and availability of the information within the information technology infrastructure. The OIG’s information resources are sensitive assets and are critical in the performance of its mission; therefore, information security services help safeguard the information resources entrusted to the OIG.

HOW AN IT SECURITY ANALYST (OPERATIONS) WILL MAKE AN IMPACT

• Implements and interprets the requirements for agency compliance with policy directives governing IT infrastructure protection
• Executes USPSOIG security policy and compliance management program
  • Identifies current and potential IT security risks and recommends mitigation strategies
  • Monitors agency compliance with infrastructure protection requirements across IT programs
  • Participates in the development of security policies
  • Participates in the certification and accreditation of OIG systems
• Executes security related operational activities
  • Manages security incident detection, response, remediation
  • Conducts cyber threat and vulnerability analysis and remediation
  • Configures and monitors security using Microsoft enterprise solutions (windows 7, Active Directory 2008, Group Policy management), assessing and remediating Microsoft enterprise vulnerabilities
  • Develops security metrics and manages reporting and compliance
  • Serves as CIRT/CERT member
  • Supports operational implementation of FISMA/NIST standards
  • Conducts Computer Security Forensics
  • Operates Security Tools, monitoring, response, and reporting including IPS/IDS, Firewall, Advanced Malware Protection, Security Incident and Even Management, Vulnerability Identification and Analysis, security logging, Anti-malware,2 factor authentication, password protection and secure document sharing and collaboration solutions (CISCO IPS/IDS/Firewall, FireEye, McAfee NITRO SIEM, RAPID 7 and Nessus scanners, RedSeal Vulnerability management and analysis, Sophos anti-malware, LastPass password management, WatchDox secure file sharing & Collaboration)
  • Manages IT Security awareness training program in cooperation with Learning Management team including developing and delivering IT Security awareness training modules
  • Manages Password Management system in coordination with Service Desk
  • Responds to IT Security trouble tickets generated by customers and IT staff. Identifies solutions, works with customer and OCIO team to execute solutions and manages ticket input, update and resolution in OCIO ticketing system to maintain service level agreements
• Supports Security Engineering and tech solution support and expertise
  • Participates in the certification and accreditation of OIG systems
  • Identifies security risks and recommends risk mitigation strategies
  • Reviews new and existing systems to address technical solutions to provide enhanced
  • security and ensure baseline security requirements are met
  • Develops security architecture, technical solutions for security products, and integrates
  • Collaborates with members of CIO and Business units to develop security architecture and solutions for IT and business systems
  • Develops and executes project plan to engineer, construct, deploy and monitor/manage IT Security infrastructure solutions
  • Evaluates security requirements associated with cloud-hosted environments and services and Evaluates security requirements associated with mobile applications

WHAT YOU’LL NEED TO SUCCEED:

Education:

• Bachelor's in Information Assurance, Information Systems, Computer Science, or related field
• Possess one or more of the following certifications: CISSP certification(s) (or equivalent); CISCO/Microsoft Security Certification, Azure Certification(s); GSCC; GIAC; DHS Security Certification
• ITIL v3 Foundation certification (preferred)

Required Experience:

• 7+ years of Specialized IT experience
• 5 years' experience in IT Operations

Required Technical Skills:

• Experience with system administration and/or security engineering within Microsoft Azure cloud-computing environment to assist the organization with adhering to architecture, design, implementation, and security standards and best practices
• Knowledge of information security principles, concepts, practices, systems software, database software, and immediate access storage technology to carry out activities relating to security certification and accreditation
• Knowledge & Skill in implementing FISMA, NIST, OMB guidelines, and other Federal regulations and guidance
• Experience interpreting and implementing FISMA/NISG requirements focused on the operational implementation and documentation of those requirements
• Knowledge of security requirements associated with cloud-hosted environments and services and mobile application development and deployment
• Vulnerability Management experience and Enterprise Scanner Experience

Security Clearance Level:

• Top Secret Security Clearance (or ability to obtain TS clearance) (for security Operations and engineering work).
• The security clearance for this program requires the selected candidate to be a U.S. Citizen and to have resided in the US for the past five years. The selected candidate cannot have left the country for longer than 90 consecutive days and no more than 180 cumulative days.

Required Skills and Abilities:

• Strong skill and ability in executing Security Operations (e.g., experience in a SOC team environment) including incident detection, identification, management, response, and reporting (must have experience in incident management)
• Strong working knowledge and ability utilizing Microsoft Azure including experience with securing any Azure resources, experience with Azure AD, and scanning in an Azure environment
• Skill in making recommendations that significantly influence OIG’s information security policies or programs
• Experience building policies and preparing briefings to explain security programs and requirements to senior executives
• Skill and Ability to provide expert technical advice, guidance, and recommendations to management and other technical specialists on critical information technology security issues
• Skill and Ability to assess risk factors and advise on vulnerability to attack from a variety of sources and procedures for protection of systems and applications
• Ability to ensure coordination and/or collaboration on security activities
• Ability to effectively communicate both orally and in writing with management and other technical specialists
• Ability to plan, organize and manage tasks on time with minimal supervision

Location:

• Remote with a hybrid work schedule: Needs to be within 2 hours of primary location in Arlington, VA to be onsite for an as needed basis

WHAT GDIT CAN OFFER YOU: 

• Full-flex work week to own your priorities at work and at home (with prior manager approval)
• 401K with company match 
• Internal mobility team dedicated to helping you own your career 
• Professional growth opportunities including paid education and certifications
• Cutting-edge technology you can learn from 
• Rest and recharge with paid vacation and holidays

 #GDITCareers #CISSP #Azure #ITSecurity