We are GDIT. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country.
GDIT is seeking a Senior Application Cyber Security Analyst to join our team supporting the U.S. Department of Energy’s (DOE) Office of the Chief Financial Officer (OCFO), Office of Corporate Information Systems to provide Operations and Maintenance (O&M) Support Services of their Corporate Business Systems (CBSOM). As a Cyber Security Analyst, you will provide cyber security and vulnerability management support for a suite of DOE business applications. You will support DOE’s Corporate Business Systems, used by over 14,000 users to fulfill the agency’s mission to promote energy independence, progress scientific research, and protect the nation through nuclear security.
Duties and responsibilities will include, but are not limited to:
Leads a team of Cyber Analysts to support continuous monitoring and vulnerability management support.
Leverages extensive application security knowledge to execute and analyze application and database vulnerability scans.
Develops project plans to lead security infrastructure upgrade and deployment initiatives
Research new technologies that can support improved vulnerability management service delivery
Assists with the application of security/IA policies, procedures, and standards.
Responsibilities include working with the customer to minimize risks and assess and secure networks
Support data calls and audit information requests for the target systems in the application portfolio
Performs all procedures necessary to ensure the safety of the organization’s web applications and transactions across the Internet.
Stays abreast of current federal Cyber policies and supports their interpretation and application to the DOE computing environment
Work with Risk Management Framework (RMF), STIGs, and IA Controls to apply and evaluate the security of DOE business applications
Provide vulnerability metrics, diagnose problems, and provide intelligence for business operations by using tools such as SPLUNK, DbProtect, and Burp-Suite
Leverage Security Information and Event Management (SIEM) systems and ITIL processes in the delivery of cyber-security services.
Execute and interpret vulnerability scans, and collaborate with system owners to address vulnerabilities
Collaborate with database and application teams to manage and support Plans of Actions and Milestones (POAM) remediation
Apply diagnostic techniques to identify problems, investigate causes, and recommend solutions.
Document user requests and actions taken in ServiceNow ticketing system
Maintain current knowledge of relevant technology as assigned
Bachelor’s degree in Computer Science, Information Systems, Software Engineering, Business, or other related discipline with 5-8 years of increasingly responsible and relevant experience in defining security requirements. Without a degree at least 9-11 years of relevant experience is required.
3+ years of hands-on cybersecurity experience with a focus on application and database security, including architecture and penetration testing, firewalls, encryption, security monitoring, event and anomaly analysis and intrusion detection/prevention.
2+ years of hands-on experience with Burp suite, or Web Inspect application vulnerability scans and analysis
2+ years of hands-on experience with Trustwave DB Protect
Understanding of common hacking techniques (e.g., malware, etc.) and effective counter measures.
Experience in Microsoft and Linux including Red Hat web server platforms
Experience with Oracle and Microsoft SQL Server databases and their security configurations/baselines
Good team player, able to manage multiple assignments, and adapt to changing client needs
Must be able to obtain and maintain a DOE Clearance and successfully pass a Government background screening process requiring the completion of detailed forms and fingerprinting
Experience with ServiceNow for incident management, problem management, and service request management
Experience with Anti-Virus, Intrusion Detection/Protection Systems, Firewalls, Active Directory, Vulnerability Assessment tools and other security tools found in large network environments.
ITIL v3 or v4 certification
Previous Department of Energy experience.
WHAT GDIT CAN OFFER YOU:
Full-flex work week
401K with company match
Internal mobility team dedicated to helping you own your career
Collaborative teams of highly motivated critical thinkers and innovators
Ability to make a real impact on the world around you
Not sure this job’s the one for you? Check out our other openings at gdit.com/careers.
Do you have a friend or colleague this posting describes? Let them know about the opportunity by clicking “Share.”
The likely salary range for this position is $89,600 - $134,400, this is not, however, a guarantee of compensation or salary; rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.