Previous Job
Security Analyst
Ref No.: 17-00091
Location: REMOTE
Position Type:Full Time/Contract
Experience Level: 8 Years
Security Analyst

Who May Apply: US Citizen or Green Card; This employer participates in the e-Verify program.
Security Clearance: Low/NACI Background Investigation
Classification: Exempt

This project is for the purpose for providing cost effective security controls to protect automated systems data, defend the VA digital systems, protect infrastructure, plan and prepare for future security needs. Team will support policy for security and privacy protection across systems, networks, cloud computing, software and hardware. We will be providing Program Management, systems assessment and management, MDPP Risk Management and Working Group Support, Medical Device Isolation Architecture (MDIA) technical support, and FSS Portal and SharePoint support for more than 1,500 facilities across the country. 
The Senior Security Analyst will leverage their knowledge and familiarity with security discipline and has thorough knowledge of security principles, concepts, policy and regulations.  They will assist with the identification of risks in the security systems and work with technical experts to resolve security issues.  Assist with the identification of key concepts, factors and risks based on conversations and document these in clear and concise narrative or graphic reports. The primary responsibilities of the Security Analyst include but are not limited to the following:
  • Participate in the requirements definition process to better understand the customer needs and security levels required.
  • Performs NSOC network mapping and scans.
  • Assisting with the development of a security baseline, script testing and script development for security hardening.
  • Researching and applying patch related vulnerabilities against products for POA&M research and closures.
  • Using various vulnerability scan tools such as Gold Disk, Security Readiness Review Scripts (SRRS), Retina Scan, Client Fortify and AppScan as well as creating reports from the scans.
  • Perform basic Security audit, review of a system to highlight gaps in security compliance.
  • Assist in managing security incidents, vulnerability assessment and penetration test end to end activities.
  • Assist with the creating and recommendation of designs based on industry best practices, engineering standards and security principles.
  • Ensure security controls are implemented and operating effectively as part of solutions delivery.
  • Lifecycle management code upgrades, vulnerability patching and EOL replacement programs as needed.
  • Support the formal design documentation for security requirements.
  • Review interface control documents, analyzing security vulnerabilities between the interfaces between programs.
Required Skills and Experience:
  • Bachelors Degree in Engineering, Computer Science, Information Systems, Information Technology or other related technical discipline AND 3 years of experience with software related projects; 8 years of additional relevant experience may be considered in lieu of a degree.
  • 3 yrs. of experience in the concepts, terms, processes, policy and implementation of information security.
  • 3 yrs. of experience working directly with the Customer to solve complex problems involving a wide variety of information systems..
  • 3 yrs. of experience performing NSOC network mapping and scans.
  • Must have experience and knowledge of the latest security measures at all stages of an information system life cycle.
  • Must be able to undertsand and differentiate between critical and non critical systems and networks. 
  • Security requirements around Web Services - Web Services Description Language (WSDLs), XSD (XML Schema Definition) and XML Schema components, SOAP UI Pro.
  • Experience within an agile team and all the processes using the agile methodology for software application or service development (programs, web services, and sustainment).
  • Good knowledge in major Security Standards and Guidelines (ISO/IEC 27001, ITIL, PCI DSS).
  • Provide technical support throughout the ATO process, and remediate any findings required for ATO.
  • Analyze scans to ensure minimal data exposure and minimal data vulnerabilities and deliver a (e.g. Nessus, Secure Code Review, WASA, other scans) Scan Remediation Report.
  • Hands on analysis security troubleshooting: application, network-based forensics, and proficient with packet analysis tools like Wireshark, Opnet, etc.
  • Experience with root cause analysis, risk mitigation, security assessments, analysis of security threats, trends and architecture preferred.
  • Ability to work individually or in an agile team setting.
  • Excellent verbal and written English communication skills.
 Desired/Preferred Skills and Experience:
  • Government agency contracting experience; prefer Veterans Affairs (VBA / VHA).
  • Knowledge of HL7 - a set of international standards for transfer of clinical and administrative data between software applications used by various healthcare providers.
  • Professional Qualifications - An internationally recognized professional security certifications such as:
    • Certified Information Security Auditor (CISA)
    • Certified Information Systems Security Professional (CISSP)
    • OSSTMM Professional Security Tester (OPST)
    • SANS' Global Information Assurance Certification (GIAC)
    • GIAC Penetration Tester (GPEN)
  • Familiarity with the following process and documents:
    • FISMA documentation, including: NIST SP 800-53, Rev. 3
    • Defense Information Systems Agency (DISA) Security and Technical Implementation Guides
  • Security awareness for systems using VistA Mumps programming within the VA Healthcare environment.
Travel Requirements:
  • None.