Junior Security Analyst

SAIC - Washington, DC4.0

Full-timeEstimated: $79,000 - $110,000 a year
EducationSkills
Job Description:
The customer is interested in IT Modernization efforts and Reskilling and Workforce Transformation. Reskill and upskill employees impacted by IT modernization efforts, evolve workforce to more 21st Century skillsets and work practices, and enable the workforce to drive successful IT Modernization efforts going forward utilizing in-house talent.

The Junior Security Analyst designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions. Conducts risk and vulnerability assessment at the network, system and application level. Conducts threat modeling exercises. Develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs. Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access. Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions. Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed. May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions. Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed. May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff.

The Junior Security Analyst is responsible for conducting assessments of threats and vulnerabilities; determining deviations from acceptable configurations and enterprise or local policy; assessing level of risk; and developing and/or recommending appropriate mitigation countermeasures in operational and non-operational situations. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate, and remediate vulnerabilities and intrusions. May perform network mapping, vulnerability scanning, phishing assessments, wireless assessments, web application assessments, operating system security assessments (OSSA), and database assessments. May research, evaluate, and recommend new security tools, techniques, and technologies and introduce them to the enterprise in alignment with IT security strategy. May support the formal security test and evaluation (ST&E) activities. May periodically conduct a review of each system’s audits and monitors corrective actions until all actions are closed. May support cyber metrics development, maintenance, and reporting. May provide briefings to senior staff.

Principal Duties and Responsibilities

As directed, designs, tests, and implements secure operating systems, networks, security monitoring, tuning, and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions.

Conducts risk and vulnerability assessment at the network, system, and application levels. Conducts threat modeling exercises.

As part of a team, develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs.

Under direction, applies knowledge of network, system, and application security threats and vulnerabilities to a wide range of security issues, including architectures, firewalls, electronic data traffic, and network access.

Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards.

Qualifications

Education and Experience:
Bachelor’s degree or equivalent and two (2) years of relevant experience in IT security.

Required Skills:
Must have working knowledge of cybersecurity engineering principles, techniques, and technologies.

Information security certifications required (A+ CE, Network+ CE, SSCP GSLC, CAP, Security+ CE, and/or SSCP).

Individuals must be familiar with National Institute of Standards and Technology (NIST) 800-53 Rev4 or higher and capable of reviewing, analyzing, and assessing systems configurations/architectures to identify security, safety, and mission-critical functions/components.

Must be familiar with NIST 800-37 Risk Management Framework (800-37 Rev 2 - DRAFT) and capable of devising policy recommendations to streamline and accelerate successful security outcomes.

Must be familiar with DevSecOps principles and methods for maturing security integration and automation of cybersecurity processes.

Must be a US Citizen with ability to obtain Public Trust

Clearance Requirement:
Must be a US citizen and have the ability to obtain a Public Trust security clearance.

Overview

SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability