Company Overview

For 30 years, clients in the private and public sectors have relied upon SOS International LLC (SOSi) for critical operations in the world’s most challenging environments. SOSi is privately held, was founded by its current ownership in 1989, maintains corporate headquarters in Reston, VA, and specializes in providing logistics, construction, training, intelligence, and information technology solutions to the defense, diplomatic, intelligence and law enforcement communities.

All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.


6-180615-7021: Senior Computer Security Analyst
Location: U.S. - Washington, DC
Open Date: 4/5/2019
  
JOB DESCRIPTION
STG Inc, an affiliated company of SOS International LLC (SOSi), is seeking a qualified, professional, and experienced Sr. Computer Security Analyst in Washington, DC.

This position is located in Washington, DC. The ideal candidate will be responsible for assessing information risk and facilitating remediation of identified IT security and IT risk across the enterprise. Performs assessments of the IT security/risk posture within the IT network, systems and software applications, in addition to assessments within the different systems. Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios. Facilitates and monitors performance of risk remediation tasks and changes related to risk mitigation, and reports on findings. Maintains oversight of IT and continuous monitoring for security maintenance of their systems and applications. Provides weekly project status reports, including outstanding issues. The Senior Security Analyst will assist in all IT audits and IT risk assessments. This is a dynamic role requiring leadership and coordination with multiple IT teams. This environment supports over 1,100 users and over 7,000 assets located in multiple locations in the Washington, DC area, as well as offices in New York, NY; Chicago, IL; and Kansas City, MO.

ESSENTIAL JOB DUTIES
  • Coordinate, plan, schedule, and execute initiatives for the complete support and management of the IT security posture for the Federal client
  • Establish and maintain a CFTC Configuration Management program following the Security Configuration Management (SecCM) phases (Plan, Identify and Implement, Control Configuration Changes, and Monitor) for compliance lifecycle management
  • Monitor security threats to baseline configurations (workstations, laptops, servers, network appliances, mobile devices, etc.)
  • Support the development of tailored security configuration baselines.
  • Work with the Security team to gain acceptance and approval of all security controls
  • Work with the Operations team to recommend vendor best practices for Active Directory (AD), Organizational Units (OUs) and Group Policy Objects (GPOs) to optimize compliance monitoring and reporting.
  • Work with the Operations team to load, set up collections, and run scans for standard compliance reports for all approved baselines.
  • Analyze changes to AD OUs/GPOs and privileged access activities, and support the data loss prevention (DLP) project
  • Work with the Network Team on compliance monitoring against vendor-recommended baselines for network appliances using SolarWinds.
  • Participate (as needed) in the Configuration/Change Control Board (CCB) for review and recommendations for Configuration baseline vulnerability identification and remediation before and after implemented changes
  • Support activities for the NIST Risk Management Framework (RMF) and Continuous Diagnostics and Mitigation
  • Conduct continuous independent research on configuration compliance standards and industry best practices through white papers and presentations to management
  • Develop and document configuration baselines and monitor compliance; and assist in deployment of new or updated configuration baselines from the test environment to UAT or Production.
  • Assist in researching, evaluating, and developing relevant Information security policies and guidance.
  • Act as the lead security adviser/approver for the change control board.
  • Familiar with identity management systems (e.g., CyberArk)
  • Assist in establishing and testing Windows Operating Systems security settings and configurations
MINIMUM REQUIREMENTS

  • Minimum of 7 years of technical experience (Computer system design, integration, application development, and computer security)
  • Bachelor of Science degree (or equivalent experience)
  • Must be a US Citizen
  • Knowledge of technical infrastructure, networks, databases, and systems in relation to IT Security and IT Risk.
  • Experience in conducting IT compliance assessments
  • Experience in IT security controls for NIST 800-53 (latest version)
  • Technical experience with Security Operations Tools (such as Symantec (SEP/DLP), SolarWinds, ForeScout, AccelOps, FortiSIEM, Cisco Sourcefire, Stealthwatch, IronPort, MIMESweeper, ProofPoint, TrendMicro, Enterprise Email Gateway, etc.)

Clearance:

  • Customer specific
ADDITIONAL INFORMATION

Preferred Qualifications:

  • Possess broad working knowledge of Incident Response activities.
  • Possess broad working knowledge of Configuration Management, Configuration Items, Configuration Baselines, CMDB management.
  • Possess knowledge of Risk Management Framework (RMF) for continuous monitoring
  • Possess broad knowledge of network architecture, asset and configuration management tools, baseline images and compliance folders.
  • Possess strong technical skills and analytic abilities, as well as experience performing network security analysis and risk management as it relates to the configuration.
  • Possess ability to perform complex technical tasks in pursuit of overall goals with minimal direction, limited access to systems, and resource restrictions.
  • Possess excellent written and professional oral communications skills to develop and present compliance reporting and security recommendations.
  • Possess the ability to translate an understanding of systems and applications into security baseline scan plans and perform hands-on security scanning.
  • Demonstrated ability to analyze scan results and suggest mitigations for security problems.
  • Possess a broad knowledge of Information Security policies and guidance, as well as the ability to assist in researching and evaluating them.