Senior Information Security Analyst

Job Title: Senior Information Security Analyst
Job ID Number: 180091
Company: General Dynamics Information Technology
Location: Memphis, TN
Job Category: Information Technology

Job Description

General Dynamics Information Technology is a top-tier IT integrator that provides information technology, systems engineering and professional services to customers in the defense, intelligence, homeland security, federal civil and commercial sectors. With approximately 17,000 professionals worldwide, the company has the customer knowledge, domain expertise and proven performance to manage large-scale, mission-critical IT programs.
General Dynamics Information Technology has an opening for a Senior Information Security Analyst. The Analyst will provide security incident analysis in support of the IRS CSIRC operations in Memphis, TN. CSIRC Operations are based on a 24X7 schedule. The selected candidate will be required to work swing shift, mid-shift or weekends.
Responsibilities include: Security Incident Analysis, incident/intrusion source tracing, root cause analysis, remediation/resolution recommendations, IDS/HIDS configuration analysis, and others. Analyst will be responsible for analyzing alerts, tuning signatures, reporting possible compromises, and end user/desktop support.
Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.
* Performs Computer Security Incident Response activities for a large organization, coordinates with other government agencies to record and report incidents.
* Monitors and analyzes Intrusion Detection Systems (IDS) to identify security issues for remediation.
* Recognizes potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
* Evaluates firewall change requests and assesses organizational risk.
* Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems.
* Assists with implementation of counter-measures or mitigating controls.
* Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
* Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.
* Prepares incident reports of analysis methodology and results.
* Maintains current knowledge of relevant technology as assigned.
* Participates in special projects as required.
Bachelor's degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
5-8 years of related experience in data security administration. Working familiarity with the Linux and Unix command line interface and associated tools such as bash, sed, awk, grep, find, etc. Understanding of the OSI model and which protocols function at which layers is a plus. Expertise in the operation and theory behind Intrusion Detection Systems and Intrusion Prevention Systems, and familiarity with the systems currently in use at IRS, including Sourcefire (Snort skills apply), ISS RealSecure, and McAfee Intrushield. Thorough understanding of TCP/IP and the functioning of its component protocols; ability to read, analyze, and parse packet dumps using various toolsets such as tcpdump, Wireshark, editcap, etc., including how they work and what they do. Intermediate to advanced malicious code analysis capabilities. Candidate must be skilled in both written and oral communication.
* Candidate must be a US citizen and be able to pass a public trust background investigation with the Internal Revenue Service.
* ArcSight experience a plus.
* A definite plus is a basic scripting skill for the automation of analysis in various systems using a language such as bash, Perl, Python, Ruby, or other preferred tools. The ability to develop new IDS/IPS signatures for the purposes of detecting emerging threats is also a plus.
* Candidate should be able to follow the thread of an exposure, determine the level of success of the exposure, understand what the malicious code was attempting to do (either through automated sandboxing tools or manual static analysis of the malicious payload), and execute the appropriate response to the exposure.
* Candidate should possess a basic understanding of computer incident response procedures (proper collection, thorough investigation, unequivocal validation, and internal escalation) and protocols. Candidate should understand how to correctly document, triage, and respond in a timely manner to affected stakeholders in the course of daily analysis and response duties.
* Candidate should have a working knowledge of system and network exploitation, attack pathologies and intrusion techniques: denial of service attacks, man in the middle attacks, malicious code delivery techniques, fuzzing, automated network vulnerability and port scanning, botnets, password cracking, social engineering, network and system reconnaissance.
* Candidate should have knowledge of system and network administration, configuration best security practices, and configuration standards as they apply to IT security.
* Candidates with SANS GCIH or GCIA Certification preferred.
Apply Online Directly with General Dynamics Information Technology