Job Overview:
As a Systems Security Analyst, responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security. We are seeking a highly motivated and detail-oriented Systems Security Analyst at the apprentice/entry level to join our dynamic security team. This position is ideal for individuals looking to start their career in cybersecurity and gain hands-on experience in protecting and securing our information systems. Studies an organization's current computer systems and procedures, and designs information systems solutions to help the organization operate more securely, efficiently, and effectively. Brings business and information technology (IT) together by understanding the needs and limitations of both.
Job Functional Titles:
Personnel performing this work role may also be referred to officially or unofficially as the following functional titles:
- Information Assurance (IA) Operational Engineer
- Information Assurance (IA) Security Officer
- Information Security Analyst/Administrator
- Information Security Manager
- Information Security Specialist
- Information Systems Security Engineer
- Information Systems Security Manager
- Platform Specialist
- Security Administrator
- Security Analyst
- Security Control Assessor
- Security Engineer
- CompTIA A+
- CompTIA Network+
- CompTIA Security+
- ISC2 Associate Recognition
- ISC2 Certified in Cybersecurity (CC)
- ISC2 Systems Security Certified Practitioner (SSCP)
- GIAC Security Essentials (GSEC)
- Cisco Certified Network Associate-Security (CCNA-Security)
- CompTIA Security+ (preferred)
- Certified Information Systems Security Professional (CISSP) - Associate
- Certified Ethical Hacker (CEH)
High School Diploma
Enrolled or Associate’s degree or higher from an accredited college or university.
Experience:
0-2 years of experience or enrollment/completion of Registered Apprenticeship Program.
Candidates will have fundamental understanding and exposure to the following core career elements:
Core Tasks:
- Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.
- Apply security policies to meet security objectives of the system.
- Apply service-oriented security architecture principles to meet organization's confidentiality, integrity, and availability requirements.
- Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
- Ensure that the application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.
- Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
- Implement specific cybersecurity countermeasures for systems and/or applications.
- Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system.
- Perform cybersecurity testing of developed applications and/or systems. Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
- Plan and recommend modifications or adjustments based on exercise results or system environment.
- Properly document all systems security implementation, operations, and maintenance activities and update as necessary.
- Information Assurance
- Information Systems/Network Security
- Information Technology Assessment
- Legal, Government, and Jurisprudence
- Risk Management
- Systems Testing and Evaluation
- Vulnerability Assessment
- Knowledge of systems security testing and evaluation methods.
- Knowledge of countermeasure design for identified security risks.
- Knowledge of embedded systems.
- Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
- Knowledge of how to use network analysis tools to identify vulnerabilities.
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Knowledge of cybersecurity and privacy principles. Knowledge of cyber threats and vulnerabilities.
- Knowledge of specific operational impacts of cybersecurity lapses. Knowledge of computer algorithms.
- Knowledge of encryption algorithms
- Knowledge of cryptography and cryptographic key management concepts Knowledge of database systems.
- Knowledge of installation, integration, and optimization of system components.
- Knowledge of human-computer interaction principles.
- Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
