Job Description:
TMC Technologies is in immediate need of a Security Analyst to support ongoing development activities of critical FBI IT systems. Due to federal contract requirements, the candidate must possess a US Citizenship and an active Top-Secret clearance.
Responsibilities and qualities of the Security Analyst may include:

• Performing multiple IT Security support services associated with security functional testing, vulnerability assessments, and penetration testing; Assisting the ISSOs in evaluations of delivered software
• Conducting ongoing security functional requirements testing and security assessments of CJIS information system hardware, software, and applications, and overall system architecture to verify and validate that system security technical and operational controls are in accordance with established security policies, requirements, plans, standards, processes, and procedures
• Developing associated reports (e.g. risk and test reports), as assigned. Preparing security vulnerability and penetration testing methodologies, evaluating test data, creating assessment reports, and developing test plans and test reports as assigned
• Providing technical guidance on the establishment and use of security test tools. Reviewing and evaluating new or enhanced security assessment tools and providing evaluation and recommendation to the CIAU for their use
• Monitoring trends found in system security assessments, performing system security analyses, and recommending strategies for improving or enhancing system security through risk management, mitigation strategies, and information security best practices
• Assisting CJIS stakeholders in identifying and evaluating technical and operational security risks, threats, weaknesses, and vulnerabilities associated with CJIS information systems
• Supporting the SAA process of CJIS information systems, to verify and validate conformance to Federal and Bureau policies, regulations, FISMA compliance and standards, and meet specified security requirements. Support will parallel with EISS certification testing methodologies and strategies;
• Performing periodic mandated vulnerability assessment scans of CJIS information systems on an as-needed basis to meet mandated requirements, documenting any identified deviations, and notifying system and management personnel.
• Performing duties and responsibilities associated with network and system mapping to produce overall architecture, information flows, entry and exit points, security features, and profiles of CJIS information systems
• Providing a Security Functional, Vulnerability, and Penetration Test Schedule per fiscal year, encompassing CJIS information system security test and known, and/or mandated, security test efforts for scheduling purposes and allocation of resources. Providing a schedule on an as-assigned basis for security test efforts required through the normal change management process
• Providing presentations, briefings, and training as assigned

US Citizenship and active Top-Secret Clearance required
Minimum two (2) years of experience in:
o Professional work experience with a variety of dynamic and static application security tools to include Nessus and Nmap
o In-depth knowledge and professional work experience with at least two of the following: network mapping, web application exploitation and database reconnaissance
o Experience with information systems security risk assessments, compliance reviews, or in-depth vulnerability assessments on a variety of OS, databases, web application/services or virtualization platforms
o Experience in information system compliance with government standards and industry best practices (e.g. FedRAMP, NIST, OWASP, Common Criteria, DISA, and SANS Institute)
o Experience in the evaluation of enterprise-wide security functional testing methodologies and strategies to include technical and operational controls test through automated and manual processes.
Preferred skills and qualifications:
Associates or Bachelor’s degree
Certified Ethical Hacker (CEH)

Job Type: Full-time