HHS is seeking a Cyber Security Analyst to support our team in Cookeville, TN.
This is more of an entry-level role. In it you will perform security operations, security monitoring, firewall security management, intrusion detection services, NOC and SOC support, security vulnerability assessment, penetration testing, and security incident and audit management.
The Security Analyst will also be responsible for IT and information security policies, system administration, network security, firewall administration, and proactive security problem solving: (1) performing implementation, maintenance, and integration of security devices; (2) monitoring, investigating, detecting, resolving, and remediating network attacks, threats, and security breaches; (3) providing network and system security 24x7 support, leveraging many years of experience gained in this field deploying and supporting firewalls, IDS/IPS, content filters, and SIEM tools; (4) proactively finding the root cause of security and data breaches; and (5) proactively meeting all Service Level Agreements (SLAs) regarding customer security incidents, response time, notifications, and resolution.
- Perform security operations support including monitoring, remediation, implementation, configuration, planning, staffing, encryption, and tracking in compliance with security policies and other security-related statutes, regulations, rules, and standards.
- Perform Network-Based and Host-Based Intrusion Detection Services and perform day-to-day secure operation of the customer-wide network.
- Test the susceptibility of the customer network hosts to possible attacks and implement the customer security policies.
- Conduct assessments of security controls, identify weaknesses, and track remediation activities
- Work with Network Security Monitoring tools, network traffic analysis, and log analysis
- Perform static and dynamic malware analysis
- Recommend and implement best practices for firewall management compliance with the customer policies.
- Perform network monitoring and intrusion detection analysis to determine attacks on the network
- Analyze network traffic and identify anomalies and information security controls for weaknesses.
- Take mitigation actions to contain the attack activities and minimize damage when a malicious activity or attack has occurred on the network
- Conduct network and system audit activities, patch audit, and compliance scan. Conduct periodic network scans to find any vulnerabilities
- Monitor the customer networks and devices for security breaches, through the use of software that detects intrusions and anomalous system behavior
- Proactively respond to and resolve incidents and change requests using ServiceNow to minimize impact
- Monitor, investigate, detect, resolve, and remediate attacks, threats, and security breaches
- Perform periodic network and device scans to identify and remove vulnerabilities
- Use security tools in detection, prevention, analysis of security threats, and protection measures
- Understanding of current threats and trends in Information Security
Qualifications (Required Education and Experience):
- Must have a Bachelor's degree in a related field and 2+ years of relevant experience. We will also accept 6+ years of relevant experience in lieu of a degree
- Must be a U.S. Citizen with the ability to obtain a Public Trust clearance
- Must have at least one year or more of specific IT security experience (this may include cyber experience, firewall experience, or experience with Splunk or similar)
- Must be willing to work a mid-day or night shift
- Must have technical knowledge of network and system operating systems and network security in physical, virtual, and cloud-based (AWS) implementations, or have the ability to learn these technical skills.
- Must be able to learn how to initiate security incident response including tracking and recovery actions
- Must be able to learn how to identify weaknesses, and track remediation activities
- Must be able to learn how to perform information assurance certification and accreditation analysis, security assessments, and make recommendations to the Information System Security Managers to bring their systems into compliance.
- Must conduct assessments of security controls, identify weaknesses, and track remediation activities
- Must be able to become familiar with information security standards, policies, and best practices
- Must be able to install, monitor, and manage security devices, including firewalls, data encryption and other security products and procedures
- Must be able to monitor and detect security changes in network and server performance.
- Must be able to detect and fix security issues in end-user devices, servers, networks, etc.
- Must be able to work and communicate to stakeholders the status of information security, inform of possible risks, and suggest ways to improve security.
- Must be able to perform incident response, security infrastructure management or monitoring services, and digital forensics
- Must be able to perform penetration testing, simulating an attack on the system to find exploitable weaknesses
- Must be able to learn how to do network and system audit activities, patch audits, and compliance scans
- Must be able to learn security standards and frameworks which may include: NIST 800-53, NIST CSF, NIST 800-171, HIPAA, IEC 62443, IEC 80001, and/or ISO 27001
- Must be able to learn how to use: McAfee, Anti-Virus, Intrusion Detection Systems, Radius, TACACS+, Cisco ISE, IPS/IDS, Encryption, SIEM, EIQ, Web filtering
- Must be able to learn how to use Network Security Monitoring tools, network traffic analysis, log analysis, Static and dynamic malware analysis
- Must be able to learn FISMA Compliance, NIST Requirements, IT Risk Management
- Worked on complex problems where analysis of situations requires in-depth evaluation of factors.
- Experience with programming/scripting languages
- CCNA Security
- Having prior experience with NIST SP 800-37 RMF and DIACAP C&A processes
- Knowledge of Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), and Computer Security Incident Response Center (CSIRC) projects
- Having experience with Log Forensic Analysis with EventLog Analyzer
- Having experience with: Syslog, log monitor and analysis tools
- Security Infrastructure Service Monitoring and Digital Forensics tools
- Having experience with Windows disk and memory forensics
- Having knowledge of ITIL and ITSM processes, functions, implementation.
- Having experience with SNMPv3/v2/v1 network management tools, including NetFlow collectors, network management tools to include Cisco Prime Infrastructure, Cisco DCNM, HP Openview, What’s Up Gold, Remedy, ServiceNow, Gigamon, Solarwinds, etc.
- Having experience working with Security Information and Event Management (SIEM) tools
SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability