Job Description Sr. Computer Security Analyst Summary The Senior Computer Security Analyst serves as a member of the system development project team to develop system security plans, document security controls and analyze vendor hardware and software products for vulnerabilities; as well as recommending security control implementation strategies in support of the Operations Information System Security Program under the Office of Information Assurance and Cyber Security. The Senior Computer Security Analyst must have experience in evaluating the adequacy and existence of security controls in order to arrive at logical and comprehensive conclusions and recommendations. Past experience must include detailed documentation and successful implementation of common security controls and solutions sufficient for a third-party reviewer or auditor to arrive at similar conclusions. Responsibilities Coordinating and working with the Operations Information System Security Manager and his staff including project managers to develop system security plans that meet requirements. Prioritization and tracking of capital projects' security related tasks. Assisting in reporting and audit preparation. Independently and, as a team member, plan, execute and document security tests and evaluations Perform analysis of in-place technical and non-technical security controls protecting information and information systems Maintaining a current understanding of company*s position on NERC-CIP and NIST standards and implementation practices. Support a sustainable infrastructure by ensuring adequate documentation of activities, including cross-training of employees as necessary Develop and execute testing plans, and report results Provide guidance and input to technical reviews of proposed projects, and the certification and accreditation process Support the Continuous Assessment and Monitoring Program Qualifications Bachelor's degree in Computer Science or related field such as Information Systems and 5+ years of related experience; or 9+ years of related experience Networking or security certifications desirable Knowledge of United States (US) Government security authorization (certification and accreditation) policies and processes Excellent written and oral communication skills, listening skills, patience, logical and sound reasoning, and problem-solving approach Demonstrated ability to clearly communicate results, findings, and recommendations Ability to meet timelines, milestones, deliverables, and provide timely status updates on assigned tasks Ability to research and maintain proficiency in tools, techniques, countermeasures, and trends in information security, computer and network vulnerabilities, data hiding, network security, and encryption Familiarity with the System Development Life Cycle and the 800 series of National Institute of Standards & Technology (NIST) Special Publications (in particular 800-37, 800-39, 800-53, 800-53A, 800-94 and 800-115) Ability to maintain multiple vulnerability assessment platforms and tools; Experience effectively performing security control testing and/or vulnerability assessments Knowledge of networking and internetworking (e.g. routing, switching etc.), computer and network device operating systems (e.g. Windows, Unix, Linux, IOS etc.), firewalls, and general security engineering concepts Knowledge of intrusion detection and/or intrusion prevention system (IDS/IPS) deployment strategies Knowledge of computer and network security incident/event auditing and analysis; Knowledge of networking and internetworking protocols and their associated vulnerabilities Knowledge of vulnerability research methodologies and sources. Able to perform successfully in a team environment; Strong organizational and information-gathering skills Advanced technical analysis experience. Technical writing and reporting experience, including managing related documentation and files Demonstrated experience and proficiency in: Penetration testing, including wired and wireless, telephonic war-dialing, social-engineering, and application security vulnerability assessments Security engineering Security incident handling, response and follow-up Security event and intrusion analysis Proficiency in applying technical and English language skills to communicate effectively via telephone, e-mail correspondence, and in-person meetings. Special Requirements: Security Clearance - This position requires confidentiality and may require passing a personnel background check pursuant to obtaining a Top Secret (Q) security clearance, for which the incumbent must qualify to hold or continue in the position. Work non-core hours as circumstances warrant. Save this job Email to a friend