System Security Analyst

Job Description

ASRC Federal Vistronix (ASRC Federal) is actively seeking a System Security Analyst to join our Denver-based team and provide security support services for computer systems for software to support for our federal customer. The successful candidate will have a solid understanding of Federal security regulations and controls and provide support to the chief information security officer (CISO) and information system security managers (ISSM) on all matters, technical and otherwise, involving the security of information systems. Most of the work will be performed virtually, but some work at the government site in Denver may occur.

Responsibilities

This position will be responsible for ISSO-related services for computer systems to provide network and computer system security oversight of all aspects of day-to-day operations, ensuring the security posture is sustained and the residual level of risk is maintained at an acceptable level as determined by the client. The ability to work with both technical and non-technical audiences is very important. Specialized experience in defining computer security requirements for high-level applications and systems, evaluation of approved security product capabilities, and developing solutions to multi-level security (MLS) problems will be a key differentiator for this position. The ability to review and document security controls in accordance with NIST 800-53 (latest revision) controls is critical for position success as is the ability to perform risk analyses and risk assessments on new and existing software applications and systems. Principal responsibilities will include but are not limited to:

• Plans and designs security solutions and capabilities that enable the organization to identify, protect, detect, respond, and recover from cyber threats and vulnerabilities.
• Defines and develops security requirements using risk assessments, threat modeling, testing, and analysis of existing systems.
• Develops security integration plans to protect existing infrastructure and to incorporate future solutions.
• Designs action plans for policy creation and governance, system hardening, monitoring, incident response, disaster recovery, and emerging cybersecurity threats.
• Work with information security concepts and applications to design and put in place security measures that protect networks and data systems from cyberattacks.
• Address the development, assessment and initiation of security systems and subsystems, and work with other IT professionals to modify, change or insert computer codes to mitigate vulnerabilities.
• Designs action plans for policy creation and governance, system hardening, monitoring, incident response, disaster recovery, and emerging cybersecurity threats.
• Partners with stakeholders to encourage the adoption of security-compatible software designs and best practices.
• Keeps abreast of the latest intelligence from Cybersecurity and Infrastructure Security Agency (CISA) and other sources of cyber threat information.

Requirements

Required Skills and Competencies

• Intermediate level experience working with Linux, OS X, UNIX and Windows operating systems
• Knowledge of networking concepts
• Scripting knowledge is a plus (g. Python, Shell, WMI, etc)
• Packet analysis knowledge
• Ability to write reports, business correspondence and procedure manuals
• Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists
• Working knowledge of the command line interface, BASH scripting, and any of the main programming languages (Python, the C family, Angular, etc.)
• Candidate must have a strong working knowledge of cyber security and a willingness to learn new concepts
• Incident analysis/handling or security certification such as GCIA, GCIH, CEH, Security+ is a plus
• Experience in an IT, information assurance or security role is a plus
• Experience with IPS/IDS, Malware, Proxy, and other security systems is a plus

Desired Skills

• Experience analyzing Splunk reports for security vulnerabilities.
• Experience with managing security controls in a commercial cloud or hybrid cloud environments.
• Understanding of network infrastructure (such as switches, routers, firewalls, servers, etc.).
• Experience working in an ITIL environment; (ITIL v3/v4 certification highly desired).
• Computer Security certificates, such as CISSP, CISSA, CISM, CompTIA Security+, Certified Ethical Hacker (CEH), highly desired.
• Experience working with a wide range of personnel, including business sponsors, product owners, government project managers, development teams, and end users at all levels of the organization.
• Prior experience as a government contractor preferred.

Education and Experience

• A Bachelor's Degree (Master's Degree Preferred) in Computer Science, Information Technology or related field or equivalent experience is preferred.
• At least three years of general IT experience, with four-plus years of experience in Information Systems Security/Information Assurance, Security Engineering, or IT Systems Administration.

We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. This position is offering a pay range of $75 - $125 depending on experience, seniority, geographic locations, and other factors permitted by law. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.

**COVID-19 Vaccination Requirement Statement

The COVID-19 vaccination requirement in Executive Order 14042 and FAR 52.223-99 is currently not effective. But please note that if those or other related requirements become effective, positions will require successful candidates to obtain and show proof of COVID-19 vaccination(s). ASRC Federal is an equal opportunity employer and will provide reasonable accommodation to those individuals who are unable to be vaccinated consistent with federal, state, and local law.

EEO Statement

ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.