Application Cyber Security Analyst (Remote)
We are GDIT.
The people supporting and securing some of the most complex government, defense, and intelligence projects across the country.
GDIT is seeking an Application Cyber Security Analyst to join our team supporting the US Department of Energy's (DOE) Office of the Chief Financial Officer (OCFO), Office of Corporate Information Systems to provide Operations and Maintenance (O) Support Services of their Corporate Business Systems (CBSOM).
As a Cyber Security Analyst, you will provide cyber security and vulnerability management support for a suite of DOE business applications.
You will support DOE's Corporate Business Systems, used by over 14,000 users to fulfill the agency's mission to promote energy independence, progress scientific research, and protect the nation through nuclear security.
Duties and responsibilities will include, but are not limited to:
Leads a team of Cyber Analysts to support continuous monitoring and vulnerability management support.
Leverages extensive application security knowledge to execute and analyze application and database vulnerability scans.
Develops project plans to lead security infrastructure upgrade and deployment initiativesResearch new technologies that can support improved vulnerability management service deliveryAssists with the application of security/IA policies, procedures, and standards.
Responsibilities include working with the customer to minimize risks and assess and secure networks Support data calls and audit information requests for the target systems in the application portfolioPerforms all procedures necessary to ensure the safety of the organization's web applications and transactions across the Internet.
Stays abreast of current federal Cyber policies and supports their interpretation and application to the DOE computing environmentWork with Risk Management Framework (RMF), STIGs, and IA Controls to apply and evaluate the security of DOE business applications Provide vulnerability metrics, diagnose problems, and provide intelligence for business operations by using tools such as SPLUNK, DbProtect, and Burp-Suite Leverage Security Information and Event Management (SIEM) systems and ITIL processes in the delivery of cyber-security services.
Execute and interpret vulnerability scans, and collaborate with system owners to address vulnerabilities Collaborate with database and application teams to manage and support Plans of Actions and Milestones (POAM) remediation Apply diagnostic techniques to identify problems, investigate causes, and recommend solutions.
Document user requests and actions taken in ServiceNow ticketing system Maintain current knowledge of relevant technology as assigned Minimum Requirements:
Bachelor's degree in Computer Science, Information Systems, Software Engineering, Business, or other related discipline with 5-8 years of increasingly responsible and relevant experience in defining security requirements.
Without a degree at least 9-11 years of relevant experience is required.
3
years of hands-on cybersecurity experience with a focus on application and database security, including architecture and penetration testing, firewalls, encryption, security monitoring, event and anomaly analysis and intrusion detection/prevention.
2
years of hands-on experience with Burp suite, or Web Inspect application vulnerability scans and analysis2
years of hands-on experience with Trustwave DB ProtectUnderstanding of common hacking techniques (eg, malware, etc.
) and effective counter measures.
Experience in Microsoft and Linux including Red Hat web server platforms Experience with Oracle and Microsoft SQL Server databases and their security configurations/baselinesGood team player, able to manage multiple assignments, and adapt to changing client needs Must be able to obtain and maintain a DOE Clearance and successfully pass a Government background screening process requiring the completion of detailed forms and fingerprinting US Citizenship
Qualifications:
Cybersecurity certifications (eg CISSP, CISA, CISM, CCSP, GCIH, GCIA, GSEC, OSCP, CHFI, CEH) Experience with ServiceNow for incident management, problem management, and service request management Experience with Anti-Virus, Intrusion Detection/Protection Systems, Firewalls, Active Directory, Vulnerability Assessment tools and other security tools found in large network environments.
ITIL v3 or v4 certification Previous Department of Energy experience.
WHAT GDIT CAN OFFER YOU:
Full-flex work week 401K with company match Internal mobility team dedicated to helping you own your career Collaborative teams of highly motivated critical thinkers and innovators Ability to make a real impact on the world around you Not sure this job's the one for you? Check out our other openings at gdit.
com/careers.
Do you have a friend or colleague this posting describes? Let them know about the opportunity by clicking Share.
.
Estimated Salary: $20 to $28 per hour based on qualifications.
The people supporting and securing some of the most complex government, defense, and intelligence projects across the country.
GDIT is seeking an Application Cyber Security Analyst to join our team supporting the US Department of Energy's (DOE) Office of the Chief Financial Officer (OCFO), Office of Corporate Information Systems to provide Operations and Maintenance (O) Support Services of their Corporate Business Systems (CBSOM).
As a Cyber Security Analyst, you will provide cyber security and vulnerability management support for a suite of DOE business applications.
You will support DOE's Corporate Business Systems, used by over 14,000 users to fulfill the agency's mission to promote energy independence, progress scientific research, and protect the nation through nuclear security.
Duties and responsibilities will include, but are not limited to:
Leads a team of Cyber Analysts to support continuous monitoring and vulnerability management support.
Leverages extensive application security knowledge to execute and analyze application and database vulnerability scans.
Develops project plans to lead security infrastructure upgrade and deployment initiativesResearch new technologies that can support improved vulnerability management service deliveryAssists with the application of security/IA policies, procedures, and standards.
Responsibilities include working with the customer to minimize risks and assess and secure networks Support data calls and audit information requests for the target systems in the application portfolioPerforms all procedures necessary to ensure the safety of the organization's web applications and transactions across the Internet.
Stays abreast of current federal Cyber policies and supports their interpretation and application to the DOE computing environmentWork with Risk Management Framework (RMF), STIGs, and IA Controls to apply and evaluate the security of DOE business applications Provide vulnerability metrics, diagnose problems, and provide intelligence for business operations by using tools such as SPLUNK, DbProtect, and Burp-Suite Leverage Security Information and Event Management (SIEM) systems and ITIL processes in the delivery of cyber-security services.
Execute and interpret vulnerability scans, and collaborate with system owners to address vulnerabilities Collaborate with database and application teams to manage and support Plans of Actions and Milestones (POAM) remediation Apply diagnostic techniques to identify problems, investigate causes, and recommend solutions.
Document user requests and actions taken in ServiceNow ticketing system Maintain current knowledge of relevant technology as assigned Minimum Requirements:
Bachelor's degree in Computer Science, Information Systems, Software Engineering, Business, or other related discipline with 5-8 years of increasingly responsible and relevant experience in defining security requirements.
Without a degree at least 9-11 years of relevant experience is required.
3
years of hands-on cybersecurity experience with a focus on application and database security, including architecture and penetration testing, firewalls, encryption, security monitoring, event and anomaly analysis and intrusion detection/prevention.
2
years of hands-on experience with Burp suite, or Web Inspect application vulnerability scans and analysis2
years of hands-on experience with Trustwave DB ProtectUnderstanding of common hacking techniques (eg, malware, etc.
) and effective counter measures.
Experience in Microsoft and Linux including Red Hat web server platforms Experience with Oracle and Microsoft SQL Server databases and their security configurations/baselinesGood team player, able to manage multiple assignments, and adapt to changing client needs Must be able to obtain and maintain a DOE Clearance and successfully pass a Government background screening process requiring the completion of detailed forms and fingerprinting US Citizenship
Qualifications:
Cybersecurity certifications (eg CISSP, CISA, CISM, CCSP, GCIH, GCIA, GSEC, OSCP, CHFI, CEH) Experience with ServiceNow for incident management, problem management, and service request management Experience with Anti-Virus, Intrusion Detection/Protection Systems, Firewalls, Active Directory, Vulnerability Assessment tools and other security tools found in large network environments.
ITIL v3 or v4 certification Previous Department of Energy experience.
WHAT GDIT CAN OFFER YOU:
Full-flex work week 401K with company match Internal mobility team dedicated to helping you own your career Collaborative teams of highly motivated critical thinkers and innovators Ability to make a real impact on the world around you Not sure this job's the one for you? Check out our other openings at gdit.
com/careers.
Do you have a friend or colleague this posting describes? Let them know about the opportunity by clicking Share.
.
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
