Information Security Analyst III
- Employer
- Frederick National Laboratory for Cancer Research
- Location
- Frederick, MD, USA
- Start date
- Sep 17, 2020
- Discipline
- Information Technology, Information/Data Security
- Required Education
- Bachelors Degree
- Position Type
- Full time
- Hotbed
- BioCapital
Job Details
KEY ROLES/RESPONSIBILITIES
The information security controls assessor will be responsible for assessing the security controls on National Cancer Institute at Frederick information systems for compliance with HHS/NIH policy and NIST and OMB guidance, and for making recommendations on how to address identified weaknesses. This includes reviewing documentation, interviewing system administrators and examining system configurations to ensure controls are in place, configured properly, and functioning effectively; and producing test reports and briefing system owners, managers and authorizing officials on assessment results. The assessor will also assist in closing plans of action and milestones by reviewing artifacts or re-testing controls for compliance, as necessary. The assessor will also assist in performing periodic tests of network security to ensure systems' security controls are functioning effectively between scheduled audits. The assessor will also provide guidance to system owners, administrators and developers on NIH security requirements and current leading practice for system security.
BASIC QUALIFICATIONS
- Possession of a bachelor's degree from an accredited college or university according to the Council for Higher Education Accreditation. (Additional qualifying experience may be substituted for the required education). Foreign degrees must be evaluated for U.S. equivalency
- A minimum of six (6) years progressively responsible job related experience. Experience must include functioning as an analyst or equivalent for compliance auditing, information security, information systems, or related
- Work independently and make decisions regarding complex issues with appropriate consultation of peers, cross-functional teams, and supervisors
- Must be able to analyze complex information, synthesize disparate data sources, and communicate effectively
- Must be able to develop technical reports and non-technical summaries and express information in a clear, concise, and organized manner, both verbally and in writing
- Must be detail-oriented with the ability to prioritize multiple tasks/projects
- Familiarity with NIST guidance, including SP 800-53 Rev. 4, the Risk Management Framework (SP 800-37 and SP 800-39)
- Experience in assessing information systems for compliance with security control requirements (e.g., NIST SP 800-53)
- Familiarity with Linux and Windows operating systems
- Familiarity with basic networking concepts and protocols
- Familiarity with performing network scans and testing for vulnerabilities
- Must be able to obtain and maintain a clearance
PREFERRED QUALIFICATIONS
- Windows or Linux system administration experience
- Experience with nmap, scripting (Python, Bash, PowerShell, etc.), Burp Suite
- Familiarity with penetration testing methodologies
- Experience performing network or web application penetration tests
EXPECTED COMPETENCIES
- Demonstrate working knowledge of networking, storage and virtualization technologies
- Demonstrate working knowledge of standards and guidelines for Information Security published by the National Institute of Standards and Technology (NIST)
- Working knowledge and expertise required for assessing the information security aspects of information systems for compliance with regulations and directives of FISMA, and the Office of Management and Budget (OMB)
- Experience working in a scientific and/or federal environment
- Working knowledge of Windows and Linux systems
- Possess ISC2 Certified Authorization Professional (CAP) or obtain within 6 months of hire
Equal Opportunity Employer (EOE) | Minority/Female/Disabled/Veteran (M/F/D/V) | Drug Free Workplace (DFW)
Company
A rewarding career with global impact
Whether you’re an expert in your field or just starting out, we have a career opportunity for you. We’re always looking for people to join us in fulfilling the mission of the Frederick National Laboratory: discovery, innovation, and success in the biomedical sciences.
Our team of 2,400+ scientists, technicians, administrators, and support staff work at the forefront of basic, translational, and preclinical science, with a focus on cancer, AIDS, and other infectious diseases.
We collaborate with colleagues across the National Cancer Institute, National Institute of Allergy and Infectious Diseases, and others throughout the National Institutes of Health. We also engage with extramural investigators in academia, government and industry.
Your path to joining our team begins with the desire to work for the only national laboratory dedicated to biomedical research. Our employees share a common desire to help make a difference in cancer research and public health concerns. As you search for a career that fits your education, skills, and abilities, explore the core values that guide us and emphasize work-life balance.
Discover why joining the Frederick National Laboratory team could be the most important career step you take.
- Website
- https://frederick.cancer.gov/
- Phone
- 301-846-1000
- Location
- 8560 Progress Drive, Frederick, MD 21701, US