Cyber Security Analyst Advisor - REMOTE!

Clearance Level
None
Category
Cyber Security
Location
Remote, Based in the USA

REQ#: RQ121536

Travel Required: Less than 10%
Public Trust: None
Requisition Type: Regular

At GDIT, people are our differentiator! As a Cyber Analyst Advisor supporting the VA Enterprise Security Architecture (ESA) Modernization Support project, you will be trusted to work actively with GDIT security and Cyber-Security professionals to support our VA customer. 

Our mission within the VA is to ensure Veteran’s information, VA information systems and infrastructure is cybersecurity ready. GDIT will accomplish this while ensuring the resiliency of VA’s cybersecurity infrastructure through proactive monitoring, adaptive responses, adherence to Federal requirements and best practices, and the recruitment, retention, and development of a world-class cybersecurity workforce.

The ideal Cyber Analyst Advisor will have experience in the concepts, terms, processes, policy and implementation of information security.  The right candidate will have experience and knowledge of the latest security measures at all stages of an information system life cycle as well as have the ability to solve complex problems involving a wide variety of information systems.  A good security analyst must be able to understand and differentiate between critical and non-critical systems and networks.

This role is fully remote!

RESPONSIBILITIES:

  • Conduct cyber security tests, risk evaluations, assessments and providing results of these activities to leadership

  • Develop reference architecture for technology and system using architecture frameworks such as DODAF, TOGAF and the Microsoft Azure Well-Architected Framework

  • Provide input on configuration changes and risk recommendations as needed.

  • Perform root cause analysis to identify gaps and provide technical and procedural recommendations that will reduce the exposure to cyber risks

  • Use data collected from a variety of cyber defense tools (e.g., Vulnerability scanning, IDS alerts, firewalls, network traffic logs) to analyze the security posture of information systems

  • Support the development and maintenance of security playbook procedures

  • Respond to and report incidents related to assigned information systems

  • Provide input and/or develop security processes and procedures

  • Present and deliver findings based on information gathered in group and individual settings

  • Perform risk evaluations, respond to incidents, conduct basic forensics (chain of custody, imaging, reporting)

  • Assist in the development of the security policies and procedures and ensure compliance with those policies and procedures through ongoing monitoring and assessments

  • Evaluating risks associated with assigned systems, enforcing and assessing the controls and monitoring the security impact of changes to the systems

  • Provide into to the technical writing team for complex technical documents in support of the program and system Certification and Accreditation efforts

  • Other duties as assigned

  • Provide and/or assist in root cause analysis of anomalous events

QUALIFICATIONS
 

Required Skills and Experience

  • Masters a minimum of 8 years work experience.  Ten (10) years of relevant experience may be substituted for education

  • Must have experience designing network system architectures

  • Experience in the concepts, terms, processes, policy and implementation of information security. Must have experience and knowledge of the latest security measures at all stages of an information system life cycle.  Must have the ability to solve complex problems involving a wide variety of information systems.  Must be able to understand and differentiate between critical and non-critical systems and networks.

  • Demonstrated experience with implementing NIST SP 800-37 Rev1 - “Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach”

  • Demonstrated experience with the NIST 800-53Rev 4/5 - “Security and Privacy Controls for Federal Information Systems and Organizations” and a deep understanding of how to evaluate potential control implementations for organizational conformance.

  • Demonstrated experience implementing NIST SP 800-115 - “Technical Guide to Information Security Testing and Assessment” to include technical computer/network system auditing

  • Experience with analyzing vulnerability and penetration testing reports to develop and manage POA&Ms to include risk calculations

  • Experience using security tools (Nessus, Splunk, Sophos, Security Center, etc.)

  • Ability to perform Splunk queries to examine and query log data from the Enterprise Logging as a Service system

  • Proficiency with Microsoft Office products (Word, Outlook, Excel, PowerPoint, and SharePoint)

  • Must be able to meet customer facility COVID requirements

  • Must have U.S. Citizenship

  • Must be able to obtain Public Trust

Desired Skills and Experience

  • Knowledge of and the ability to script in either, Perl, Python, or Bash

  • Experience designing enterprise architecture solutions, conducting threat assessments, and developing network security patterns

  • Experience performing incident response

  • Experience performing malware analysis

  • One or more of the following certifications:

    • Certified Ethical Hacker (CEH)

    • CompTIA Cybersecurity Analyst (CySA+)

    • Certified Information Systems Security Professional (CISSP)

    • Certified Information Security Manager (CISM) Understanding and experience with eMASS

  • Must have strong attention to detail

  • Effective verbal and written communication and presentation skills

  • Strong planning, organizational, and time management skills

  • Demonstrated initiative and ability to work independently, as well as strong interpersonal skills that foster the ability to work effectively on teams, communicate effectively

    ---------

    #GDITFedHealthJobs-ESAMS

    #ESAMS

    #VeteransAffairs

    The likely salary range for this position is $88,000 - $132,000, this is not, however, a guarantee of compensation or salary; rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

    View information about benefits and our total rewards program.


    About Our Work

    We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

    COVID-19 Vaccination

    GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

    GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.