IT Security Analyst 4

Document and address organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle.

• Analyze the securityimpact of application, configuration, and infrastructure changes to ensurecompliance with the security standard as part of the change managementlifecycle.
• Assess theconfigurations of applications, servers, and network devices for compliancewith the security standard.
• Analyze and document how the implementation ofa new system or new interfaces between systems impacts the security posture ofthe current environment.
• Assess and document the security impact andrisks of newly discovered vulnerabilities in the environment.
• Coordinate resolution of application andinfrastructure security vulnerabilities with System Owners, IT, and vendors.Track resolution of vulnerabilities and provide regular updates to management.
• Coordinate resolution of endpoint security vulnerabilities with users and provide regular updates to management.
• Respond to, and investigate, security incidents and provide thorough post-event analyses.
• Perform internal application penetration testing, document findings, and recommend improvements to improve the organization’s security posture.
• Complete annual password security audits and coordinate completion of agency wide user access audits in compliance with the security standard.
• Determine the protection needs (i.e., securitycontrols) for the information system(s) and network(s) and documentappropriately.
• Create and maintain desk procedures and process documentation for all responsibilities.

Skill Matrix:

• NIST 800-53 rev 5 and/or Criminal Justice Information System (CJIS) specifications for an information security management system. Required 5 Years
• Software development lifecycle, vulnerability management processes, role-based authentication methodologies, etc. Required 5 Years
• Familiarity with programming languages such as Python, Java, JavaScript, C , C#, SQL, HTML, CSS, and/or COBOL. Required 5 Years
• Expertise in using automated vulnerability scanners like Nessus, Qualys, Retina, and/or Tenable. Required 5 Years
• Familiarity with web application security testing tools like Burp Suite, Fortify, and/or AppScan. Required 5 Years
• Basic scripting skills (e.g. WDL, VBScript, JavaScript, PowerShell, Python) for automation Required 5 Years
• IT security or risk assessment certifications are advantageous (CISM, CCSP, CISSP, CEH, CompTIA Pentest and/or CompTIA Security ) Required 5 Years