IS3 Solutions
Cyber Security Analysts
IS3 Solutions, Long Island City, New York, United States, 11101
IS3 Solutionsis seeking for the ideal candidate(s) to perform as a cyber security analysts. These analysts are needed to design a secure cloud infrastructure and manage standard cybersecurity review, response, and maintenance for the networks and software solutions currently being installed at a new facility currently undergoing construction in Harlem, New York
The analysts will coordinate efforts with the agency and external construction teams, equipment vendors, and other specialists during hardware deployment and network setup. The analyst's expertise in cloud security and risk management will help maintain network connectivity and security for newly installed IT solutions during, and after, construction, and allow lab operations to begin in accordance with agency timelines and standards.
B. Scope of Services:The cybersecurity analyst would perform a variety of services, both in-person and, if needed, remotely, including but not limited to:• Identifying and mitigating complex IT technical threats to computer systems, networks, and data.• Using technical IT tools and IT software to monitor, analyze, and defend against cyber-attacks.• Monitoring and analyzing network traffic, configuring firewalls, intrusion detection/prevention systems and conducting vulnerability assessments.• Managing and protecting endpoints such as desktops, laptops, servers, and mobile devices from malware, ransomware, and other threats.• Investigating security incidents, identifying root causes, and implementing corrective actions to prevent future occurrences.• Utilizing SIEM tools to collect, correlate and analyze security event data for threat detection and responses.• Monitoring and analyzing emerging threats, vulnerabilities, and attack vectors to proactively defend against cyber threats.• Performing Penetration testing.• Keeping abreast of the latest security, privacy, and regulatory concerns and best practices impacting third party risk management.• Advising the agency on any changes requested by third parties to security and privacy provisions of agreements or contracts.• Collaborating with IT project management and operational teams to design secure cloud infrastructure plans and services.
Experience and Organizational Capability:The contractor/cybersecurity analyst would have the following credentials, organizational capability, and/or experience:1. A bachelor's degree in information technology or Computer Science.2. An industry recognized certification within the domains of information security and privacy (e.g., CISSP, GIAC, CISM, CISA, CIPP, CTPRP, CCSP, etc.).3. A minimum of three (3) years of experience working in an IT or computer-related field. Greater consideration will be given to contractors with greater than 5 years of experience.4. A minimum of three (3) years of hands-on technical experience in cloud administration.5. At least 1 year of experience:
o with Cloud Cybersecurity efforts and emerging technology aligned with the Risk Management Framework (RMF).o in an Information & Network Security occupation preferred.
o in a cybersecurity-related occupation preferred.
6. A minimum of three (3) years of experience in:
o applying information security and privacy fundamentals.o applying risk management frameworks such as NIST, FISMA, or ISO 27000.o SSAE 16, SOC 2, Shared Assessments, FedRAMP, and other vendor risk assessment methodologies.o Governance, Risk, and Compliance (GRC) and vendor risk management tools.o technical IT expertise in areas such as network IT protocols, IT operating systems, IT programming languages, encryption techniques, and intrusion detection systems to effectively analyze and respond to cybersecurity threats.
7. Excellent oral and written communication, ability to convey technical and security related concepts to people at all levels of the organization.8. Proficiency in the design and implementation of effective information security controls with minimal oversight.9. Acute attention to detail with a high level of data integrity and accuracy.10. Strong organizational and prioritization skills to handle multiple priorities.11. Must be able to work both on-site and, if needed, remotely
The analysts will coordinate efforts with the agency and external construction teams, equipment vendors, and other specialists during hardware deployment and network setup. The analyst's expertise in cloud security and risk management will help maintain network connectivity and security for newly installed IT solutions during, and after, construction, and allow lab operations to begin in accordance with agency timelines and standards.
B. Scope of Services:The cybersecurity analyst would perform a variety of services, both in-person and, if needed, remotely, including but not limited to:• Identifying and mitigating complex IT technical threats to computer systems, networks, and data.• Using technical IT tools and IT software to monitor, analyze, and defend against cyber-attacks.• Monitoring and analyzing network traffic, configuring firewalls, intrusion detection/prevention systems and conducting vulnerability assessments.• Managing and protecting endpoints such as desktops, laptops, servers, and mobile devices from malware, ransomware, and other threats.• Investigating security incidents, identifying root causes, and implementing corrective actions to prevent future occurrences.• Utilizing SIEM tools to collect, correlate and analyze security event data for threat detection and responses.• Monitoring and analyzing emerging threats, vulnerabilities, and attack vectors to proactively defend against cyber threats.• Performing Penetration testing.• Keeping abreast of the latest security, privacy, and regulatory concerns and best practices impacting third party risk management.• Advising the agency on any changes requested by third parties to security and privacy provisions of agreements or contracts.• Collaborating with IT project management and operational teams to design secure cloud infrastructure plans and services.
Experience and Organizational Capability:The contractor/cybersecurity analyst would have the following credentials, organizational capability, and/or experience:1. A bachelor's degree in information technology or Computer Science.2. An industry recognized certification within the domains of information security and privacy (e.g., CISSP, GIAC, CISM, CISA, CIPP, CTPRP, CCSP, etc.).3. A minimum of three (3) years of experience working in an IT or computer-related field. Greater consideration will be given to contractors with greater than 5 years of experience.4. A minimum of three (3) years of hands-on technical experience in cloud administration.5. At least 1 year of experience:
o with Cloud Cybersecurity efforts and emerging technology aligned with the Risk Management Framework (RMF).o in an Information & Network Security occupation preferred.
o in a cybersecurity-related occupation preferred.
6. A minimum of three (3) years of experience in:
o applying information security and privacy fundamentals.o applying risk management frameworks such as NIST, FISMA, or ISO 27000.o SSAE 16, SOC 2, Shared Assessments, FedRAMP, and other vendor risk assessment methodologies.o Governance, Risk, and Compliance (GRC) and vendor risk management tools.o technical IT expertise in areas such as network IT protocols, IT operating systems, IT programming languages, encryption techniques, and intrusion detection systems to effectively analyze and respond to cybersecurity threats.
7. Excellent oral and written communication, ability to convey technical and security related concepts to people at all levels of the organization.8. Proficiency in the design and implementation of effective information security controls with minimal oversight.9. Acute attention to detail with a high level of data integrity and accuracy.10. Strong organizational and prioritization skills to handle multiple priorities.11. Must be able to work both on-site and, if needed, remotely