Information Security Analyst II

Job ID: req3204
Employee Type: exempt full-time
Division: Enterprise Information Technology
Facility: Frederick: Ft Detrick
Location: Frederick, MD USA

The Frederick National Laboratory is a Federally Funded Research and Development Center (FFRDC) sponsored by the National Cancer Institute (NCI) and operated by Leidos Biomedical Research, Inc. The lab addresses some of the most urgent and intractable problems in the biomedical sciences in cancer and AIDS, drug development and first-in-human clinical trials, applications of nanotechnology in medicine, and rapid response to emerging threats of infectious diseases.

Accountability, Compassion, Collaboration, Dedication, Integrity and Versatility; it's the FNL way.

PROGRAM DESCRIPTION

TheInformation Security and Compliance Office (ISCO) is a part of the EnterpriseInformation Technology (EIT) Directorate within Leidos Biomed. The ISCOprovides IT security auditing, engineering, and incident response support forthe Frederick National Laboratory for Cancer Research (FNLCR) and the NationalCancer Institute – Frederick. The mission of the Information SystemsProgram is to develop an enterprise-level, consolidated information technologyinfrastructure that provides exceptional IT capabilities to the FrederickNational Labs for Cancer Research (NCI-Frederick/FNLCR) in support of basic,translational, and clinical cancer and AIDS research. ISCO supports thelife cycle of information security for the scientific mission and administrativefunctions of the NCI-Frederick/FNLCR, to ensure the availability of informationsystems, protect the integrity of information, and protect the confidentialityof intellectual property and patient data.

KEY ROLES/RESPONSIBILITIES

• Assistin the responsibility for the reviewing vulnerabilities' data from multiplesources (i.e. external / internal penetration testing, internal / externalvulnerability scanning, etc.) across multiple technologies and a changingenvironment including infrastructure and applications to determine risk ratingof vulnerabilities to business assets
• Assist in improving and automating existing vulnerability management lifecycle.Including but not limited, data ingestion & normalization, compliance metricsand detections on assets
• Assist in partnering with tools and technology teams to troubleshoot, develop,select, implement, and automate appropriate security solutions to keep systemdata protected from internal and external threats
• Assist in providing support and resolution for scanning and vulnerabilityremediation reporting issues
• Assist in working with the support teams to effectively communicate the risksof identified vulnerabilities and make recommendations regarding the selectionof cost-effective security controls to mitigate identified risks
• Stay current with vulnerability information across all the products in the NCIenvironment
• Provide technical support for vulnerability management projects
• Provides analysis and validation post remediation, opportunities forimprovements and out of the box thinking for optimizations and solving roadblocks
• Perform reoccurring and on demand scanning activities of both corporate andcloud environments utilizing enterprise platform
• Assist in ensuring scan results are presented in appropriate dashboards,reports, and forwarded to other data systems as necessary
• Assist in interfacing with third-party vendors and other organizations inimproving the overall scanning process
• Working with senior staff on matters involving the security ofNCI-Frederick/FNLCR information systems
• Perform any other duties as assigned by LBR management

BASIC QUALIFICATIONS

To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:

• Possession of a bachelor’s degree from an accredited college or university (according to CHEA). Additional qualifying experience may be substituted for the required education. Foreign degrees must be evaluated for U.S. equivalency
• In addition to the education requirements, a minimum of two (2) years of related experience is required
• Workingknowledge of current and emerging security technologies such as vulnerabilitymanagement tools and related security tools. Goal and resultsoriented
• Incumbents in this position are subject to a background check and must be ableto obtain the appropriate clearance levels determined by the jobrequirements
• Ability to obtain and maintain a security clearance

PERFERRED QUALIFICATIONS

Candidates with these desired skills will be given preferential consideration:

• Highlyorganized with extensive knowledge of various security tools
• Possess highly competent documentation skills, and have effective interpersonal communication skills
• Experience reviewing requirements and supporting documentation forreporting
• Ability to adapt to changing priorities

Equal Opportunity Employer (EOE) | Minority/Female/Disabled/Veteran (M/F/D/V) | Drug Free Workplace (DFW)
#readytowork