DGS is currently seeking a talented Sr. Information Systems Security Analyst for our team located in Washington DC.
Responsibilities and Duties:
- The candidate will serve as a Sr. Information Systems Security Analyst on the Client’s Risk Management Framework (RMF) Team
- Interface with Security Control Assessors (SCA), System Owners and System Administrators in order to coordinate and perform complex security test data analysis, and vulnerability and compliance testing on a wide range of classified IT systems.
- Implement processes, capabilities, and techniques for vulnerability management, security, and penetration testing.
- Review and analyze security tool output and vulnerability data to identify relevant vulnerabilities; monitor external threat intelligence feeds for internal relevance.
- Work with System Owners and technical teams to prioritize and remediate identified threats and vulnerabilities; manage vulnerability life-cycle to full remediation.
- Support compliance and risk management activities, recommend security controls and corrective actions to mitigate vulnerability risks.
- Coordinate with the Program Manager to ensure vulnerability scans adhere to approved timelines in support of the Assessment and Authorization (A&A) process.
- 8 years of experience in vulnerability assessment and penetration testing.
- Extensive experience using vulnerability scanning tools (Nessus, Nexpose, Burp Suite) and vulnerability management platforms.
- Experience using common security testing and analysis tools (Metasploit, Kali Linux).
- Experience managing vulnerability management and security testing for cloud services (Amazon Web Services, Microsoft Azure, Google Cloud Platform).
- Strong understanding of cloud computing and security issues related to cloud environments.
- Strong understanding of vulnerability management and security testing practices and methodologies.
- Expert knowledge of common vulnerability frameworks (CVSS, OWASP Top 10).
- Expert knowledge of system, application, and database hardening techniques and practices.
- Experience with designing vulnerability scanning routines and standard operating procedures (SOPs) and managing vulnerability and penetration testing projects and workstreams.
- Familiarity with ICD 503, 4300A/B/C, NIST 800-53 Rev3/Rev4, Risk Management Framework (RMF), Security Technical Implementation Guides (STIGs), and other compliance guidelines.
- Experience using SCAP Compliance Checker, STIGs, etc.
- Attention to Detail - Is thorough when performing work.
- Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
- Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
- An ideal candidate will have a strong knowledge and background in vulnerability detection and assessment, penetration testing for large enterprises, cloud services such as Amazon Web Services (AWS), Web Application, Vulnerability, and Compliance assessments. DevOps experience is a plus.
TS/SCI (DHS suitability preferred)
- Required: Security+, CISSP, CEH, GPEN Certification
- Desired: OSCP, GWAPT, GXPN Certifications.
- HS Diploma and a minimum of 12 years relevant experience
- Associate and a minimum of 10 years relevant experience
- Bachelor Degree and a minimum of 8 years relevant experience
- Master’s Degree and a minimum of 4 years relevant experience
- PhD and at least 2 years relevant experience
Dependable Global Solutions (DGS), a Security and Intelligence Firm, was founded in September 2004 as a privately held small business. DGS’ principal belief is that security is not a singular endeavor. Our clients require the ability to recognize, plan for, and mitigate risk in all of its various forms.
DGS specializes in IT security, mission assurance, and intelligence operations and analysis. We build, manage, and enhance our clients’ ability to identify and deal with threats and attacks in near real-time.
At DGS, we understand that our employees are our most valuable resource. That’s why we offer competitive compensation packages and a supportive environment with good work-life balance. In addition, we provide opportunities for growth and development so that our employees can continually develop their competencies, skills, and talents, and pursue advancement opportunities.
When you join the DGS Team you receive - Medical Insurance, Dental Insurance, Vision Insurance, Life Insurance, Short Term & Long-Term Disability, Flexible Spending Account, 401k Retirement Savings Plan with Company Match, Employee Assistance Program, Tuition and Professional Development Assistance, 529 College Savings Plan.
KEY WORDS: ISSO, ISSM, Information Assurance, IA, NIST, FISMA, JAFAN, InfoSec, NESSUS, Pen Test