Network Security Analyst

DESCRIPTION OF SERVICES

The agency requires the services of 1 Network Security Analyst 1, hereafter referred to as Candidate(s), who meets the general qualifications of Network Security Analyst 1, Networking / Telecommunications and the specifications outlined in this document for the agency.

A network security analyst ensures that information systems and computer networks are secure. This includes protecting the company against hackers and cyber-attacks, as well as monitoring network traffic and server logs for activity that seems unusual. Additionally, these analysts are responsible for finding vulnerabilities in the computer networks and creating recommendations for how to minimize these vulnerabilities. The network security analyst investigates security breaches, develops strategies for any security issues that arise, and utilizes the help of firewalls and antivirus software to maintain security

Responsible for finding vulnerabilities in the computer networks and creating recommendations for how to minimize these vulnerabilities. Knowledge and experience with Tenable / Nessus vulnerability scanning. Participate in incident response activities and 24 / 7 on-call rotation as needed.

CANDIDATE SKILLS AND QUALIFICATIONS

Minimum Requirements :

Years Required / Preferred Experience

• 2 Required Knowledge of computer networking concepts and protocols, and network security methodologies.
• 2 Required Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• 2 Required Knowledge of cyber threats and vulnerabilities.
• 2 Required Knowledge of host / network access control mechanisms (e.g., access control list, capabilities lists).
• 2 Required Knowledge of systems diagnostic tools and fault identification techniques.
• 2 Required Knowledge of system administration, network, and operating system hardening techniques.
• 2 Required Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• 2 Required Knowledge of system administration concepts for operating systems such as but not limited to Unix / Linux, IOS, Android, and Windows operating systems.
• 2 Required Knowledge of penetration testing principles, tools, and techniques.
• 2 Required Knowledge of an organization's threat environment.
• 2 Required Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
• 2 Required Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
• 2 Required Skill in the use of penetration testing tools and techniques.
• 2 Required Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
• 2 Required Skill in conducting application vulnerability assessments.
• 2 Required Conduct and / or support authorized penetration testing on enterprise network assets.
• 2 Required Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies / solutions.
• 2 Required Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas.
• 3 Preferred Tenable / Nessus administration, operation and vulnerability management.