Information Security Analyst - New Jersey Area

Description

SEMCON supports the Federal Aviation Administration (FAA)’s mission, vision, and goals; and provides highly qualified, professional, technical, and managerial resources to satisfy our customer requirements.

SEMCON is proud to offer a company culture that aligns enriching career experiences, growth opportunities, and collaborative engagement for all of our SEMCON employees which together, results in a rewarding environment and a company value which is greater than the sum of our parts.

We are in search of a Information Security Analyst who will have the opportunity to join our collaborative team at the William J. Hughes Technical Center to support the Voice Switching and Recording (VS&R) program.

Requirements

The Information Security Analyst should be proficient in Linux and will focus on Security Assessments and Security Implementation and experience should include all or a combination of the following :

Security Assessments

• Plan, execute and track security risk assessment process adherence, interfacing with stakeholders from other functional areas (such as other security teams) and coordinating with vendor resources to assist with remediation
• Experience building and adhering to schedules to meet security authorization milestones, reporting status on the milestones and providing solutions to schedule challenges to avoid impacts
• Experience performing analysis of 3rd party system security design at the software, operating system and network level, and documenting system security design to address NIST controls
• Thorough technical understanding of NIST SP 800-53 security controls, and participation in risk assessments of systems to NIST controls
• Experience conducting vulnerability and compliance assessments of systems using industry standard benchmarks (e.g. CIS, STIGs) with tools such as Nessus and nmap
• Investigate and respond to notices of potential vulnerabilities and other design/inventory questions
• Review event logs from system components to assist in troubleshooting or security investigations
• Review deployment schedules and equipment orders to identify devices that will utilize network communication.
• Coordinate IP address/subnet requests and firewall rule requests using tables and spreadsheets.
• Track locations, subnets, assets, and IP addresses using spreadsheets, sharing those data items with other teams as required.

Security implementation: hardening and ongoing maintenance

• Deep knowledge of Linux/Unix operating structure and interfaces with experience in scripting (BASH)
• Understand the use of operating system configuration, software configuration, and design choices to address security controls (such as NIST SP 800-53)
• Experience configuring COTS and open-source software packages
• Knowledge of CISCO IOS and configuration of security features
• Thorough technical understanding of IP networks and the OSI model.
• Experience hardening operating systems to industry standard benchmarks (e.g. CIS, STIGs)
• Experience analyzing TCP/UDP port scanning results and identifying/analyzing associated vulnerabilities
• Familiarity with languages such as C , Python, and the differences between them
• Experience applying updates/patches for operating systems, applications, and device firmware
• Experience with the use of change control processes to manage system baselines

Familiarity with the following tools is desired:

• Nessus
• Nmap
• Microsoft SQL Server Management Studio or other SQL database management
• SSH client such as PuTTY
• Web interfaces administration for device configuration
• Windows Command Prompt, such as ipconfig, netstat, ping, etc.
• Windows administration tools
• ArcSight – Event searches from a web interface (Logger, Recon, ESM Command Center)

A Bachelor's Degree in Computer Science, Engineering, or related discipline and at least 6 years of experience is preferred.

SEMCON will offers a competitive salary and complete benefits package which includes health benefits (medical, dental, vision, and life), 401K with a generous employer match, paid time off, and paid holidays. Some hybrid/telework may be available for candidates with a long commuting distance from the facility in Egg Harbor Township, NJ, however a regular on-site presence is also required.

Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time