Information Systems Security Officer

Information Security Analyst Sr Advisor

Transform technology into opportunity as an Information Security Analyst Sr Advisor with GDIT. A career in enterprise IT means connecting and enhancing the systems that matter most. At GDIT you’ll be at the forefront of innovation and play a meaningful part in improving how agencies operate.

At GDIT, people are our differentiator. As an Information Security Analyst Sr Advisor you will help ensure today is safe and tomorrow is smarter.

HOW AN INFORMATION SECURITY ANALYST SR ADVISOR WILL MAKE AN IMPACT

• Performs, monitors, tests, and troubleshoots hardware and software Information Assurance (IA) problems pertaining to the Computing Environment (CE), Network Environments (NE), and enclave environments. 
• Collects and analyzes data and events from Computer Network Defense (CND) tools such as system alerts, firewall, and network traffic logs, and host system logs. 
• Assesses and identifies the systems and networks within the NE acceptable configurations and policies.
• Develops and manages security for more than one IT functional areas (e.g., data, systems, network and/or web) across the enterprise. 
• Leads in the development and implementation of security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures, and use of firewalls and encryption routines). 
• Briefs and presents status reports on security matters to develop security risk analysis scenarios and response procedures. 
• Responsible for the tracking and monitoring of software viruses. 
• Leads in the evaluation of products and/or procedures to enhance productivity and effectiveness. 
• Provides direct support to the business and IT staff for security related issues.   
• Possess extensive knowledge in networking, databases, systems and/or web operations, and developing enterprise security strategies.
• Support Risk Management Framework (RMF) and Information Assurance (IA) activities for on-premises and cloud-based federal web applications, including data categorization, control tailoring, and the development of implementation statements in preparation for Authority to Operate (ATO) assessments.
• Ensure web applications and their environments comply with configuration, policy standards, and applicable security frameworks such as NIST 800-53, PCI-DSS, and FedRAMP.
• Collect and analyze security data from SIEM tools (e.g., Splunk), including system alerts, web application and host logs.

WHAT YOU’LL NEED TO SUCCEED:

• 7+ years of experience project leadership in monitoring computer networks and security issues, investigating and resolving   security and cybersecurity incidents
•  Experience in documenting security incidents and performing security vulnerability assessments
• Proven ability to manage Plans of Action and Milestones (POA&Ms) to completion and support the ATO lifecycle, including the development of System Security Plans (SSPs).
• 3+ years of experience working within Agile and SAFe environments to identify and remediate web application vulnerabilities.
• Familiarity with NIST 800-53 based frameworks; working knowledge of PCI-DSS and FedRAMP requirements.
• Proficiency with security tools such as Splunk, Tenable.sc, and Fortify.
• Preferred: Certified Information Systems Security Professional (CISSP).
• Bachelor's degree in Computer Science, Computer Programming, Computer Engineering or relevant computer-based major. Experience may be considered in lieu of degree
•  Location: Remote

GDIT IS YOUR PLACE:

• Full-flex work week to own your priorities at work and at home
• 401K with company match
• Comprehensive health and wellness packages
• Internal mobility team dedicated to helping you own your career
• Professional growth opportunities including paid education and certifications
• Cutting-edge technology you can learn from
• Rest and recharge with paid vacation and holidays