I.T. Systems and Data Security Analyst

Position Summary:

Provide information technology security services to the U.S. Army’s Tank Automotive Research, Development, and Engineering Center (TARDEC) Software Engineering Center (SEC). Provide security functions such as vulnerability management, traffic monitoring, log analysis, POAM management, eMASS management, security assessments, configuration management, incident response, and inventory management. Using the Risk Management Framework, develop Assessment and Authorization (A&A) packages for information computer systems. Use NIST 800-53 Rev. 4 controls and create security compliance documents such as FIPS199 workbook, Contingency Plan, Contingency Plan Test, Security Plan, Security Controls Traceability Matrix, and Security Assessment Plan. Work efficiently with technical staff, security staff, and executives.

Under general supervision, responsible for moderately complex security issues including architectures, electronic data traffic, and network access. Applies current computer science technologies to the design, development, evaluation, and integration of computer systems and networks to maintain data security. Conducts risk assessments and provides recommendations for application design.

Duties and Responsibilities:

Develops, implements, enforces and communicates security policies or plans for data, software applications, hardware, telecommunications and information systems security education/awareness programs.

Carries out phases of information systems/networks security program that involves access to computers and computerized data enabling company to meet contractual requirements for network security.

Researches, evaluates, tests, recommends, communicates and implements new security software or devices.

Conducts regular audits to ensure that systems are being operated securely, and information systems security policies and procedures are being implemented as defined in security plans.

Conducts investigations of computer security violations and incidents, reporting as necessary to management. Identifies and recommends solutions to security exposures.

Develops, tests, and operates firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools.

Works with commercial computer product vendors in the design and evaluation of state-of-the-art secure operating systems, networks, and database products.

Coordinates with project teams in system consolidation, information security software upgrades, and contingency management planning and execution.

Responds to queries and requests for computer security information and reports. May draft security reports to regulatory agencies such as Departments of Defense or Energy.

Qualifications

Education and Experience

The ideal candidate will have experience using the Risk Management Framework (RMF) in a DoD environment to develop Assessment and Authorization (A&A) packages for information computer systems. The ideal candidate will have proficiency using NIST 800-53 Rev. 4 controls, and experience creating and administering security compliance documents such as FIPS199 workbook, Contingency Plan, Contingency Plan Test, Security Plan, Security Controls Traceability Matrix, and Security Assessment Plan. The ideal candidate will have experience working with Linux systems, notably Red Hat Enterprise Linux (RHEL). The ideal candidate will also have experience with log analysis tools such as Splunk and traffic monitoring tools such as Wireshark.

As a condition of employment, the candidate must have one of the DoD 8570.1M IAM Level I, Level II, or Level III certifications, listed below:

CAP

GSLC

Security+ CE

CASP

CISSP (or Associate)

CISM

GSLC

Bachelor’s degree in related discipline plus 3 to 5 years of directly related experience. Master’s degree preferred.

In some cases, educational requirements may be adjusted or waived for more than 7 years applicable work experience. Work experience may be adjusted for highly specialized knowledge or uniquely applicable experience for positions involving new technology or labor market shortages as reflected by

market survey data.

Knowledge, Skills, Abilities:

Familiar with Information Assurance Policies and Procedures, including the DIACAP process.

A security clearance of an appropriate level may be required after employment.

Diversity Statement

Women, minorities, individuals with disabilities and veterans are encouraged to apply. Alion will provide a reasonable accommodation to individuals with disabilities and disabled veterans who need assistance to apply. Please visit the Alion Careers site for more information

U.S. Citizenship Required.