Danastar Professional Services, Inc
Call Us: +1 (800) 645-9510

Senior Security Analyst

Job Description

We have an immediate need for a Security Analyst that will also act as the Assistant Project Manager in an IT Security Division in a mid-sized federal agency in Washington, DC. The candidate will be a member of the IT Security & Operations Team and will actively support the Senior PM. As part of this small team, you will be responsible for supporting and managing the day-to-day tasks of the Security and Operations division, alongside the Senior PM. This role requires extensive knowledge and experience in the Cyber Security domain, and some experience in leading security projects.

Essential Duties:

  • Maintaining and supporting management process for a Federal Government IT program
  • Managing and auditing security program C&A deliverables and POA&Ms
  • Maintaining a vulnerability management process for the Federal Government
  • Authoring operational procedures
  • Overseeing team plans for identified vulnerabilities, and addressing ad hoc security threats and vulnerabilities
  • Conduct research on emerging security threats
  • Monitoring multiple security technologies, such as Solarwinds, EnCase, Websense, ArcSight, Snort, Damballa, FireEye, Palo Alto, and NIKSUN
  • Manage and develop intelligence analysis and reporting products
  • Coordinate with Federal and Cyber Threat community and working groups
  • Develop focused reporting and briefings for advanced cyber threats and activity
  • Provide correlation and trending of Program’s cyber incident activity
  • Develop threat trend analysis reports and metrics
  • Support SOC analysis, handling and response activity
  • Working with the Security and Operations teams to author operational procedures, risk assessments, and system documentation
  • Manage day to day team tasks, anticipate project risks, and keep all project plan documentation updated
  • Brief senior management on task completion and project issues
  • Participating in peer review of deliverables and attending meetings
  • Maintain situational awareness reports for advanced threats such as Advanced Persistent Threat (APT) and Focused Operations (FO) incidents
  • Support Security analysis, handling and response activity
  • Manage and author Standard Operating Procedures (SOPs) and training documentation when needed

Education/Equivalent Training Required

Bachelor’s Degree in Computer Science/MIS/IT/Cyber Security, or the equivalent combination of education, technical certifications or training, or work experience.

At least one of the following certifications is required:
  • Certified Information Systems Security Professional (CISSP)
  • Systems Security Certified Practitioner (SSCP)
  • Certification and Accreditation Professional (CAP)
  • Microsoft Certified Systems Engineer: Security (MCSE: Security)
  • Cisco Certified Security Professional (CCSP)
  • Certified Information Security Manager (CISM)
  • Certified Information System Auditor (CISA)
  • GIAC Security Expert (GSE)
  • GIAC Systems and Network Auditor (GSNA)

Experience

  • Ability to build consensus and lead IT experts
  • At least 1-3 years of project leadership/project management/project coordination experience in an IT Security team
  • Security Operations Center (SOC) environment experience with security engineering and monitoring experience a MUST
  • 5-10 years of experience within IT industry with at least two (2) years supporting federal agency information security policies and program
  • 1-2 years with POA&M management environment (e.g. ASSERT)
  • 1-2 years with Test Case management environment (e.g. HP TestDirector, QuickTest)
  • 1-2 years with vulnerability and penetration test tools (e.g. ISS, Nessus, WebInspect)
  • Monitoring multiple security technologies, such as Solarwinds, EnCase, Websense, ArcSight, Snort, Damballa, FireEye, Palo Alto, and NIKSUN
  • Knowledge of Cyber Security Federal requirements including knowledge of C&A processes and deliverables, FISMA, NIST, and OMB information security memoranda
  • Knowledge reading Vulnerability and Penetration assessments and logs (e.g. ISS, Nessus, WebInspect)
  • Acted as a significant contributor or lead role in vulnerability or penetration test engagements for 1000+ person organization(s)
  • 2-4 years IT engineering experience including network configuration, directory services, web hosting (MCSE or CCNA preferred)
  • 1-2 years applying and working knowledge of NIST SP 800-53 control families, FISMA, and OMB information security memoranda
  • Excellent English verbal, written and presentation skills