IT Security Analyst (OIG)
Arlington, VA, United States
Overview
The purpose of this task order is to provide professional service personnel to support the OIG Office of the Executive Director, IT Operations Directorate, through subject matter expertise with project management for large complex projects related to EX/IT's mission-centric approach to IT operations focused on customer service, collaboration, and innovation.
OIG is seeking support from a contractor to assist the Government in providing project management and business analyst support services for the U.S. Department of State, Office of Inspector General (OIG). The objective is to support EX/IT and OIG program office mission needs by identifying business requirements, initiating, and managing projects, and supporting a comprehensive approach to IT across OIG. All work must conform to OIG's enterprise policies and procedures, including but not limited to IT governance and management.
Responsibilities
As the most technical member of the team, responsible for applying advanced knowledge to perform technical evaluation of IT products and services. This specifically includes test and implement operational and technical security controls to ensure compatibility with organizational standards, business rules, and mission needs
Monitor the status of tasks and projects related to the infrastructure and operations support by interfacing with the datacenter operations manager and team on all aspects of testing, design, change control, piloting and implementation of systems and applications
Compile reports, provided input to create standard operating procedures, project plans, and work breakdown structures for final implementations of approved projects as well as creates plans for operational support and provide operational support as necessary
Provide asset management of devices in conventional, stand-alone, and cloud environments
Install, configure, troubleshoot, and maintain configurations (hardware and software) to ensure their confidentiality, integrity, and availability. Manage accounts, devices, and patches/updates on Windows workstations and mobile devices. Responsible for access control, and account creation and administration
Develop PowerShell scripts to automate tasks and securely provision systems
Develop and document secure baseline configuration settings across various technologies
Develop and implement system recovery and back-up strategy
Work closely with vendors to evaluate security plans and documentation; recommend security control implementation and mitigations
Test release of products to minimize user impact and ensure compatibility
Complete vulnerability scanning and evaluation of assets and implement corrective actions
Complete review of system and application configuration settings using automated and manual methods
Work closely with information assurance support personnel to complete system security plans and documentation, support FISMA and/or FedRAMP A&A processes, implement continuous monitoring processes, and meet OIG policy requirements
Qualifications 10 years' experience of system administration and recommending and implementing security controls
Strong knowledge of systems and networking software, hardware, and networking protocols. Ability to evaluate and configure vendor products for optimal functionality and security.
Strong background in traditional and non-traditional IT infrastructure technologies and secure implementations in a Microsoft environment
Experience in host-based and network-based security tools, analyzing alerts, and initiating incident response processes
Experience with cloud environments (Infrastructure and Software as a service)
Experience in recommending and implementing security controls for non-traditional IT systems and devices to meet the desired outcome to ensure the confidentiality, integrity, and availability of systems and data.
Demonstrated experience working with security information management (SIM) and/or security information and event management (SIEM), user behavior analysis (UBA), anti-malware tools
Experience in writing customer PowerShell scripts
Understanding of threats specifically related to mobile users and mobile devices
Desired certifications: CompTIA Security+, Linux or Microsoft IT certifications
AAP/EEO Statement: DNI complies with all federal, state and local laws designed to protect employees and job applicants from discrimination based on race, religion, color, sex, parental status, national origin, age, disability, genetic information, military service, or other non-merit-based factors