Information System Security Analyst
HHB Systems is a veteran owned small business known for systems engineering and technical assistance on world class programs. We lead the way in professional management advisory services; analytic support; cybersecurity; systems engineering; systems and application design; acquisitions and integration; as well as systems administration of major analytical DoD and DHS operational systems. We are looking for talented, creative, team-oriented professionals who take pride in providing innovative, relevant, and actionable solutions for our customers' most challenging problems.
The Information System Security Analyst applies current technologies to the design, development, evaluation and integration of computer information systems and networks to maintain system security. May work with commercial computer product vendors in the design and evaluation of state-of-the-art secure COTS applications, operating systems, networks and database products and technology. Provides security engineering and integration services to internal customers. Involved in a wide range of issues including secure architectures, secure electronic data traffic, network security, information security and privacy. Uses encryption technology, penetration, risk management and vulnerability analysis of various security technologies and information technology security research. Develops security systems for any manual or automated systems environments. Responsible for ensuring the protection of company data against unauthorized disclosure, accidental or intentional loss of data, or unauthorized modification. May prepare security reports.
This position may require shift work.
U.S. Citizenship status is required as this position needs an active TS/SCI security clearance.
•Maintain operational security posture for the program to ensure information systems security policies, standards, and procedures are established and followed
•Assist with the management of security aspects of the information system and performs day-to-day security operations of the system
•Evaluate security solutions to ensure they meet security requirements for processing classified information
•Perform vulnerability/risk assessment analysis to support certification and accreditation
•Provides configuration management (CM) for information system security software, hardware, and firmware
•Manage changes to system and assesses the security impact of those changes
•Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, etc.
•Experience and/or familiarity with Certification and Accreditation (C&A)
•Experience and/or familiarity with the following network protection devices: Firewalls, intrusion detection and prevention systems (IDS/IPS), log analysis, malware analysis, network traffic flow and packet analysis
•Experience and/or familiarity with Secure Technical Implementation Guides (STIGs), Information Assurance Vulnerability Alert (IAVA), DCID 6/3, Federal Information Security Management Act (FISMA) and other tools using industry best practices
•Perform analysis on large data sets
•Provide security services for certification and accreditation (C&A) requirements, including developing and maintaining information assurance documentation for all network components
•Support continuous monitoring and FISMA compliance
•Conduct bi-monthly vulnerability scans and reconcile results, and report all findings
•Experience with one or more of the following: Netezza, Mantra Centrifuge, Aginity Workbech, LYNXeon, Cyber Solutions, VIAssist, IN-SPIRE, CyberSource, iClass, SPSS, Max Mind, Quova, etc.
Desired Certifications: CISSP, Security+, Network+, Cisco Certified Network Professional (CCNP), Cisco Certified Security Professional (CCSP) or similar certification.
• Eight years of cyber security or similar expericne with a Bachelor's degree in Information Security, Cyber Engineering, Engineering or a related discipline is required
•A Masters degree in a related discipline may be substituted for two (2) years of experience
•Relevant experience may be considered in lieu of a degree