IT Security Analyst 4

Role: IT Security Analyst 4

Location: Richmond, VA Hybrid

Duration: 6 Months

Interview: Face2Face Only

Work Arrangement: Hybrid 3 days - on site - 2 days - remote

Short Description

Document and address organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle.

Notes from the manager:

For this position we are really looking for someone who is strong in Security Operations (Vulnerability Management, Penetration Testing, Incident Response, Identity Access Management, etc.). A few of the candidates were strong in Risk Management (Risk Assessment, Data Classification, Audits, etc.) but we already have those skills on our team. The remaining candidates mostly struggled to answer basic technical questions relating to security and seemed to mostly come from more IT Operations backgrounds. We are looking for an experienced person as this is not an entry level opening.

General things to consider when screening:

Skill Required / Desired Amount of Experience

NIST 800-53 rev 5 and/or Criminal Justice Information System (CJIS) specifications for an information security management system Required 5 Years

Software development lifecycle, vulnerability management processes, role-based authentication methodologies, etc Required 5 Years

Familiarity with programming languages such as Python, Java, JavaScript, C , C#, SQL, HTML, CSS, and/or COBOL Required 5 Years

Expertise in using automated vulnerability scanners like Nessus, Qualys, Retina, and/or Tenable Required 5 Years

Familiarity with web application security testing tools like Burp Suite, Fortify, and/or AppScan Required 5 Years

Basic scripting skills (e.g. WDL, VBScript, JavaScript, PowerShell, Python) for automation Required 5 Years

IT security or risk assessment certifications are advantageous (CISM, CCSP, CISSP, CEH, CompTIA Pentest and/or CompTIA Security ) Required 5 Years