3016 - Information Systems Security Analyst

Job Description

Provide cybersecurity expertise supporting enterprise environments, including risk management, incident response, threat/vulnerability mitigation, and security architecture considerations.

Key Responsibilities

• Assess/mitigate cybersecurity threats and vulnerabilities; apply risk management processes.
• Support encryption, access controls, intrusion detection, traffic analysis, and incident response/handling.
• Apply secure system/software lifecycle concepts and security architecture/enterprise reference models.
• Support continuity planning (backup/recovery, disaster recovery, COOP).
• Apply program/project management principles in support of information security program needs.

Qualifications (Citizenship, Education, Experience, Skills)

• Experience: 4+ years in Cybersecurity.
• Skills (examples explicitly called out):
• Encryption algorithms: IPSEC, AES, GRE, IKE, MD5, SHA, 3DES.
• Incident response/handling; intrusion detection; penetration testing; emerging threats.
• Network protocols and models (TCP/IP, OSI), traffic analysis, access control mechanisms (e.g., ACLs).
• System/application threat knowledge (e.g., buffer overflow, XSS, SQL injection).
• Cloud service/deployment models (SaaS/IaaS/PaaS) and cloud security strategy/architecture.
• Data security standards including PII/PCI/PHI.

Required DoD Systems, Tools, and Framework Experience

• Office tools: Ability to document, track, and report cyber work products (Attachment emphasizes deliverables like plans/processes such as incident response and continuity planning).
• Scheduling/Tracking systems: Experience supporting enterprise incident response programs/roles and performing analysis/reporting (ticketing tools not explicitly required for this LCAT in Attachment J.02).
• Security/Information handling: Knowledge of cybersecurity laws/regulations/policies/ethics; risk management; secure acquisition/supply chain risk concepts.