COPPER RIVER ENTERPRISE SERVICES

Returning Candidate?

Senior Data Analyst

Senior Data Analyst

Job Location 
VA-Arlington
# of Openings 
2
Security Clearance 
Active Top Secret/SCI
Percentage of Travel Required 
N/A
Type 
Regular Full-Time

More information about this job

Overview

Provide security alert event configuration and management, continuous monitoring of multiple security technologies such as IDS/IPS, syslog, file integrity, vulnerability scanners, correlating and analyzing events, designing, implementing, tuning, and using ArcSight SIEM tool to detect IT security incidents, following operational processes and procedures to appropriately analyze, escalate, and assist in remediation of critical information security incidents, testing new systems compatibility tenable application optimizations system monitoring and analysis, low-level programming and design of more complex features using best practices for development and ensuring effective application across the enterprise Insider threat network and host continuous monitoring, traffic analysis and intrusion detection.

 

This position is Tues – Sat, with one opening for 6:00AM-2:45PM and another opening for 6:30AM-3:15PM.

Responsibilities

  • Assist the Special Security Operations Division Chief and assigned team leader with carrying out various IT security duties in support of the Department’s information security and information assurance needs of SCI IT networks
  • Act as party responsible for implementing IC policies and standards for the protection of SCI being processed on DOS IT systems
  • Plan and conduct security accreditation reviews for initial installation of systems and networks using such capabilities as vulnerability and network analysis, VoIP and wireless network analysis, and insider threat analysis
  • Use defense measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network to protect information, information systems, and networks from threats
  • Conduct event analysis on captured user, computer, communication, and network security events using a suite of security tools and system security features to determine security vulnerabilities, policy violations, malicious behavior, and/or conduct security incident analysis
  • Configure and monitor intrusion detection systems
  • Read, interpret, and analyze network traffic and related log files
  • Maintain insider threat network and host continuous monitoring, traffic analysis, and intrusion detection
  • Monitor and evaluate a system’s compliance with Information Technology security requirements in accordance with ICD 502/503, ICS 500-27, CNSSI 1253, and the NIST 800-53 security controls
  • Conduct regular event analysis searching for and extracting information, and incident response from suite of security tools and system security features (HBSS, IDS, Insider Threat, Anti-Virus, Firewall, System Security Logs and events, etc.)
  • Document a system’s compliance in accordance with above directives, instructions, and per the Federal Information Security Modernization Act (FISMA)
  • Provide full characterization of information system security environments, including system connectivity, in terms of administrative, technical and organizational factors concerning continuous monitoring techniques and methods, and develop risk management alternatives for securing environmental requirements and problems
  • Provide IT security technical expertise to support the operations of the Departmentwide, 24/7 security monitoring center (Computer Security Incident Response Center) that monitors specific Departmental computer and network systems operations for insider threats
  • Provide knowledgeable and capable support to ensure the complete and comprehensive monitoring of user activity on classified network to detect activity indicative of insider threat behavior
  • Provide investigative support to the Insider Threat Program via network based forensic applications and other investigative duties
  • Implement standard operating procedures to aggregate internal and third-party data sets to achieve and maintain compliance with E.O. 13587 and applicable Intelligence Community Directives and Standards
  • Perform insider threat analysis assessing the potential for and possible means of compromise
  • Perform in-depth log analysis to determine trend, patterns, and suspicious activity
  • Perform pattern analysis, trend analysis, behavior analysis and other specialized analysis
  • Develop information system risk-management alternatives and changes by applying expert judgment and ingenuity in interpreting information and providing recommendations or making decisions which impact insider threat/continuous monitoring policies and programs
  • Advise management of assessed problems relating to ongoing insider threats to organizational information security activities
  • Provide comprehensive technical reports based on analytical findings
  • Assist in the management of enterprise computer network defense systems
  • Advise management of assessed problems relating to organizational information security activities, to include insider threats and computer security incident response procedures
  • Participate in interagency working groups and committees
  • Conduct liaison with other Government agencies and/or public/private companies

Qualifications

  • Education:
    • Bachelor’s Degree, preferably in an IT field
    • 8 years of related experience minimum
    • Allowable substitutions of education and experience – the minimum education and experience will be met when the equivalencies in the below are considered:
      • Ph.D – Qualifies as 6 years of experience
      • MA/MS – Qualifies as 2 years of experience
      • AA/AS – Requires additional 3 years of experience
      • Tech-Institute/Military Training – Requires additional 4 years of experience
      • HS Diploma/GED – Requires additional 5 years of experience
    • 4 years of experience must be in data analysis, incident handling, electronic data discovery, and/or other projects related to network protection
    • 2 years of experience must be in systems security to include analysis of technical information to provide threat indicators and trends
  • Required Knowledge/Experience:
    • Experience with information system vulnerability assessment and analysis
    • Experience with incident handling and electronic data discovery
    • Experience in the correlation and analysis of events, designing, implementing, tuning, and using the ArcSight Security Information and Event Management (SIEM) tool to detect IT security incidents
    • Experience configuring and monitoring Intrusion Detection Systems (IDS) and read, interpret, and analyze network traffic and related log files
    • Experience establishing or maintaining network software parameters used for insider threat analysis; e.g., ArcSight security authorization tables, configuration definitions, file access tables
    • Experience detecting malicious insider threat activity
    • Experience analyzing and reporting information technology (IT) security alerts
    • Experience analyzing IDS alerts, system logs, and/or SQL and data warehousing
    • Experience with Microsoft Windows operating environment and administration
    • Experience documenting threat reports, assessments and briefings
  • Preferred Knowledge/Experience:
    • Certified Information Systems Security Professional (CISSP)
    • ArcSight Certified Integrator/Administrator (ACIA)
    • ArcSight Certified Security Analyst (ACSA)
    • Microsoft Certified Systems Engineer (MCSE)
    • Microsoft Certified IT Professional (MCITP)
    • GIAC Certified Incident Handler (GCIH)
    • Certified Ethical Hacker (CEH)
    • Comp TIA Security+
    • SANS GIAC GCIA
    • Intrusion Analyst Certification or Forensics Analyst Certification
    • Certified Authorization Professional (CAP)
    • Microsoft Certified Solutions Associate (MCSA)
    • Microsoft Technology Associate (MTA)

Other Responsibilities

  • Perform other tasks consistent with the goals and objectives of the department/contract
  • Perform other duties as assigned bySr Program Executive

Invest in a company that invests in you! Copper River provides its employees with ample opportunities for career growth and development. Tuition reimbursement is offered to help employees further their education and skillset. Other perks include Open Leave, 401k matching with immediate vesting, Medical, Vision, and Dental coverage.

 

EEO/AA Employer Minorities/Females/Vets/Disability

 

Disclaimer: The above statements are intended to describe the general nature and level of work performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.