Information Systems Security Analyst (ISSA) - Naval Surface Warfare Center

DescriptionThe Information Systems Security Analyst (ISSA) provides cybersecurity and information assurance support to the Naval Surface Warfare Center (NSWC). The ISSA is responsible for protecting Government information systems by applying cybersecurity principles, risk management processes, and technical security controls across the system life cycle. This role supports the confidentiality, integrity, and availability of Navy networked systems and mission-critical environments.Cybersecurity ExpertiseThe ISSA shall possess demonstrated knowledge and experience in the following cybersecurity domains:Cybersecurity principles, threats, vulnerabilities, and risk management processesEncryption algorithms, including but not limited to:Internet Protocol Security (IPSECAdvanced Encryption Standard (AESGeneric Routing Encapsulation (GREInternet Key Exchange (IKEMessage Digest 5 (MD5Secure Hash Algorithm (SHATriple Data Encryption Algorithm (3DESData backup and recovery concepts and toolsDisaster recovery and continuity of operations planning (COOP)Host and network access control mechanisms, including Access Control Lists (ACLsIncident response and handling methodologiesIntrusion detection methodologies and techniquesNetwork traffic analysis methodsNetwork protocols, including TCP/IP and the OSI modelSystem and application security threats and vulnerabilities, including:Buffer overflowCross-site scripting (XSS)SQL injectionSecurity architecture concepts and enterprise architecture reference modelsNational and international cybersecurity laws, regulations, policies, and ethicsAwareness of current and emerging threats and threat vectorsUnderstanding of enterprise incident response programs, including roles and responsibilitiesPenetration testing principles, tools, and techniquesTechnical ProficiencyThe ISSA shall demonstrate technical expertise in the following areas:Computer networking concepts, protocols, and security methodologiesSystem performance and availability monitoringSystem software and organizational design standards, including ISO guidelinesSystem life cycle management principles, including software security and usabilitySystem and server administration and systems engineering concepts and methodsServer and client operating systemsNetwork security architecture concepts, including topology, protocols, and defense-in-depth strategiesNetwork systems management principles and toolsBasic system administration, network, and operating system hardening techniquesCloud computing service and deployment models, including:Software as a Service (SaaSInfrastructure as a Service (IaaSPlatform as a Service (PaaSCloud security strategy and architectureData security standards, including protection of:Personally Identifiable Information (PIIPayment Card Information (PCIProtected Health Information (PHILeadership and ManagementThe ISSA shall demonstrate experience and knowledge in the following leadership and governance areas:Information security program management and project management principlesResource management principles and techniquesRisk management processes, including risk assessment and mitigationSecure acquisitions, including:Contracting dutiesSecure procurement practicesSupply chain risk managementInformation technology supply chain security and risk managementKnowledge of applicable laws, statutes, Presidential Directives, and guidelines related to cybersecurity and privacyUnderstanding of organizational risk tolerance and risk management approachesFamiliarity with critical IT procurement requirementsKey ResponsibilitiesSupport the security of NSWC information systems throughout the system life cycleAssist in identifying, assessing, and mitigating cybersecurity risksSupport incident response, vulnerability management, and security monitoring activitiesEnsure compliance with applicable DoD, Navy, and Federal cybersecurity requirementsCoordinate with system owners, engineers, and Government stakeholdersContribute to security documentation, assessments, and continuous monitoring activitiesRequirementsFour (4) years of experience in CybersecurityDemonstrated experience supporting information systems in a DoD, Navy, or Federal environmentExperience applying cybersecurity policies, standards, and best practices across enterprise IT systemsSecurity Clearance RequirementsMust possess an Active Secret Security ClearanceJ-18808-Ljbffr