Security Analyst (Onsite) Information Technology (IT) - Columbia, SC at Geebo

Security Analyst (Onsite)

DPP is seeking a Security Analyst for an opportunity in Columbia, SC.
Summary:
The Security Analyst is a hands-on role within the organization's Office of Cybersecurity (OCS) that will play an integral role in the active defense of the systems and networks at the organization.
The Security Analyst will support the establishment, implementation and/or enhancement of Information Systems' Security and Compliance efforts based on Federal, State and Agency Policy/Standards.
The Security Analyst must have foundational technical knowledge of IT systems' security, network security and administrative tasks, be a strong oral and written communicator, and be eager to interact with the organization's technical staff, business unit representatives, stakeholders, and vendors.
Candidates should have extensive SOC and incident response experience.
Work arrangement:
Fully onsite role.
W2 position, 12 months with the possibility of extension.
Job Description:
The Security Analyst is primarily responsible for assessing and evaluating the organization's information and cyber security solutions and processes, as well as providing technical advisory to influence the design and implementation of security information technology systems and networks.
The Security Analyst will guide junior analysts (Security Analyst I and II) in identifying and addressing risks, and lead the response to information security issues.
Must be able to mentor junior analysts.
Candidates should be self-starters, creative problem solvers and have an eagerness to implement tactics, techniques and procedures which make the most effective use of the organization's staff, resources, products, and technologies quickly.
Responsibilities:
  • Assist in the day-to-day duties of SOC monitoring activities, tools, and processes
  • Provide hands-on support of OCS security tools
  • Conduct threat hunts (specialized searches) for evidence of compromise
  • Monitor security technologies for alerts
  • Investigate incidents, gather evidence, and analyze data
  • Analyze anomalous activity and potential threats to the organization's connected resources
  • Collaborate with OCS Staff and other organizational staff, leadership, business partners and other parties/stakeholders to support security and compliance risk mitigation efforts
  • Other duties as assigned
Required technical knowledge:
Understanding of information technology and security concepts.
Experience or knowledge of operating systems (e.g., Android, iOS, Linux, Windows, MVS, VMware), cloud computing, networks, hardware and software platforms, and protocols as they relate to information security.
Experience or knowledge in performing vulnerability assessments, including scanning, analysis of results, and manual validation.
Experience with secure networking technologies such as network firewalls and IDS/IPS technologies, Network Security Monitoring expertise, and Security Information and Event Management (SIEM) systems.
Experience in information security incident response and risk management.
Experience managing and responding to information security risks, threats, and incidents.
Threat and vulnerability management; awareness of current threats to confidentiality, integrity, and availability of data and controls to mitigate threats.
Strong working knowledge of applicable internal and/or external regulatory policies, standards, procedures, and controls (e.g., Centers for Medicaid and Medicare (CMS) MARS-E 2.0, National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), and Federal Risk and Authorization Management Program (FedRAMP)).
Experience or knowledge with development and integration of RMF tasks and artifacts into the System Development Life Cycle (SDLC) is ideal.
Experience or knowledge in security as related to multi-tenant, cloud services and vendor interface management would be considered desirable for this position.
Working knowledge of TCP/IP and the functioning of its component protocols, and the ability to read and analyze using various toolsets such as tcpdump, Wireshark, etc.; how they work and what information they produce will be beneficial in this role.
Understanding of basic defense-in-depth principles such as secure system configuration, network segmentation and malicious code protection is a plus.
Information Systems Security Experience:
Experience working in a SOC environment is preferred.
Experience in operating and contributing to a security operations center responding to alerts and anomalies, creating and interpreting dashboards and triaging cross-functional teams is preferred.
Hands-on experience in the secure implementation, operation and on-going maintenance of computer systems, software, hardware, and networks is preferred.
Required knowledge, skills, and abilities:
  • Must have hands-on experience or educational background in IT System Security or System Administration (6 years)
  • Experience with incident response procedures and practices
  • Must be willing to learn and take on new tasks
  • Willingness to work independently and as a member of a team
  • Willingness to collaborate and coordinate with multiple teams and vendors
  • Ability to multitask and prioritize tasks effectively in order to effectively report on the status of assigned work
  • Ability to multitask and prioritize tasks effectively in order to meet deadlines in a results-oriented environment
  • Must have intermediate skills in Microsoft Office products (Word, Excel, PowerPoint, Visio) to include working with templates and style guidelines for branding consistency
  • Strong understanding of enterprise operations & secure best practices
  • Ability to absorb, retain and communicate processes
  • Strong written and verbal communication skills
  • Ability to accept changes and constructive criticism and remain flexible in dealing with leadership and teams of varying technical and business knowledge
Preferred KSAs:
  • Prior Health Information Technology experience
  • Centralized Log Management experience
  • Familiarity with security regulatory requirements and standards (such as NIST 800 series, MARS-E)
  • Experience performing or supporting information security compliance assessments and audits
  • Work and/or consulting experience in federal, state, city, or local government
Preferred education/certifications:
  • Bachelor's degree in information technology, computer science, or a related technical field, with a minimum of 3 years relevant work experience
  • Information Security certifications such as: CompTIA, ISC(2), SANS GIAC, CCNA Security, or similar
Interested? Learn more:
Click the apply button or contact our recruiter Jordan at email protected to learn more about this position (#23-00515).
DPP offers a range of compensation and benefits packages to our employees and their eligible dependents.
Call today to learn more about working with DPP.
Authorized US Worker - US Citizens and those authorized to work in the US are encouraged to apply.
We are unable to sponsor at this time.
EOE/AA/V/D
Recommended Skills: Administration, Assessments, Auditing, Branding, Cloud Computing, Computing Platforms
Estimated Salary: $20 to $28 per hour based on qualifications.
