Cyber Security Specialist
The Cyber Security Analyst acts as a lead consultant, interfacing between the customer and IT security consulting team throughout the federal information system risk management framework process. The ideal candidate is very detailed oriented with strong written and oral communication skills as well as a strong technical background. He/she will be responsible for performing both automated and manual vulnerability checks as well as developing, finalizing, and reviewing key deliverables. As a result, a strong understanding of standards and requirements outlined by FISMA, NIST, OMB and others is required. The Cyber Security Vulnerability Analyst will be actively engaged in identifying unique system characteristics, interacting with key organizational personnel (technical and administrative), working with the consulting team to compose requisite documentation (periodic scanning reports, risk assessments, vulnerability assessment reports, etc.), and mapping complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices. This position has excellent career growth potential.
- Working face-to-face with multiple stakeholders interviewing, planning, or participating in a team effort to bring multiple complex projects to fruition in a highly motivated, fast paced environment.
- Experience in verifying compliance with DISA Security Technical Implementation Guides (STIG).
- Experience in verifying compliance with Center for Internet Security (CIS) Benchmark checks.
- Familiarity and hands-on experience with automated scanning tools such as Nessus and nCircle.
- Conducting in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.
- Analyze business models, workflows, and organizational dimensions as they relate to the design, implementation and support of the information system.
- Providing ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc.
- Knowledge of IT security architecture and design (firewalls, Intrusion Detection Systems, Virtual Private Networking, and virus protection technologies -- behavioral based a plus). Hands-on experience a plus.
- Knowledge of LAN/WAN design and general internetworking technologies. Hands-on experience a plus.
- Knowledge of Windows, Linux, and Unix operating systems. Hands-on experience a plus.
- Knowledge of Microsoft SQL, Oracle, and Sybase. Hands-on experience a plus.
- Knowledge of virtualized environments. Hands-on experience a plus.
- Knowledge of enterprise level support applications (Exchange, BES, etc.) a plus.
- Capabilities of digital components comprising Industrial Control Systems (ICS)
- Cyber security principles as they apply to the protection of components within:
- Supervisory Control and Data Acquisition (SCADA) Systems,
- Distributed Control Systems (DCS), and
- Safety Instrumented Systems (SIS)
- ICS technologies and protocols, including those associated with:
- Remote Terminal Units (RTUs)
- Programmable Logic Controllers (PLCs)
- Wireless Communications (e.g., ISA 100 and Wireless HART)
- Portable Media and Mobile Devices
- ICS standards and certifications, such as:
- ISA/IEC-62443 (Formerly ISA-99)
- IEEE 802.3
- NERC Critical Infrastructure Protection (CIP) Standards
- NRC Regulatory Guide 5.71
- NEI 08-09, Revision 6
- NIST Special Publications
- ISASecure Certifications
- IT security architecture and design (e.g., firewalls, Intrusion Detection Systems, Virtual Private Networking)
Responsible for the development of periodic scanning reports, risk assessments, vulnerability assessment reports and/or standards and policies across multiple IT platforms, including: Mainframe, Client Server, and Web-based systems. Possesses an understanding of capabilities associated with the security monitoring products across all IT platforms. Ensures that the policies reflect current standards in place including FISMA and other industry standards. Monitors compliance and conducts periodic reviews of policies.
The Ideal candidate will also have one or more of the following certifications: CEH, CISSP, CCNA, CISSP, and/or CISA
Minimum Education: AA/AS degree in information systems, computer science, or related fields.
Minimum Experience: 4 years working in information systems, computer science, or related fields (may be concurrent) and at least 2 years with hands-on administration of information systems.
Incorporated in Maryland in 2009, GreenGate is a Small Disadvantaged- Service Disabled Veteran-Owned Company. We focus on customer service to provide enterprise infrastructure services in the form of Solutions Architecture, Program Management, Systems Integration and Infrastructure Support. Our client base consists of Commercial, DOD and Federal governments. Our enthusiastic organization is devoted to customer service, and innovation with focus on new trends and technologies. GreenGate offers competitive salaries and full benefits.
Thu, 27 Jul 2017 06:03:40 PDT