Product Security Analyst 2

Contract (12 months) Published

2 months

ago CLOSED nessus ACAS SCAP Security + Supports the integration of security and resiliency into products and services throughout the lifecycle of the product/service to meet all applicable certifications and customer requirements. Supports the research, collection, interpretation, test, and analysis of technical data for system-level product security concepts in the projected operational environments to optimize effectiveness over the program lifecycle. Supports product security risk/attack surface/vulnerability analyses and security audits of applications and application stacks of various provenances. Supports the analysis, triage, aggregation, escalation, and reporting of relevant product security and anti-tamper data and other information sources for attack indicators and potential security breaches. Assists in coordination during incidents. Supports the correlation and performance of trend analysis. Analyzes malware and attacker tactics to improve detection capabilities. Prepares and presents basic technical reports and briefings. This position requires an active U.S. Secret Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active) Basic Qualifications (Required Skills/Experience) (2-3+ years exp): Bachelor’s degree or higher ACTIVE Secret Security Clearance 3+ years’ experience in the aerospace industry Experience performing SCAP scans, ACAS scans, Nessus Scans or similar scans Preferred Qualifications: Security+ (equivalent or higher) certification Experience working on DOD or other classified government systems Position Responsibilities Include: Researches, collects, interprets, tests, and analyzes technical data for system-level product security concepts in the projected operational environments to optimize effectiveness over the program lifecycle. Performs product security risk/attack surface/vulnerability and static code analyses, dynamic code analysis, and security audits of applications and application stacks of various provenances. Analyzes, triages, aggregates, escalates, and reports relevant product security data and other information sources for attack indicators and potential security breaches. Correlates and performs trend analysis. Analyzes malware and attacker tactics to improve detection capabilities. Prepares and presents technical reports and briefings. Additional Position Responsibilities: Support various US, Foreign Military Sales and Direct Military Sales programs The Limited Information Systems Security Officer (LISSO) ensures, on behalf of the Facility Security Officer (FSO) and the Information System Security Manager (ISSM), that the requirements established in the Boeing Security Manual (BSM), the System Security Plan (SSP), and Information System Profile are followed for systems approved for classified operations. Security responsibilities for LISSOs are defined the Boeing Security Manual. The LISSO is delegated to perform ISSO responsibilities for implementing and monitoring procedures applicable to classified operations on an authorized IS. Responsibilities are limited to those identified within this letter which is established by the ISSM. Duties include, but are not limited to, the items listed below: Obtaining guidance from the ISSM in the development of an SSP. Ensuring compliance with all pertinent procedures outlined in the BSM, CSSM, IPSM, and each SSP. Developing and submitting SSP documentation to the ISSM for approval. Controlling access to the IS. This includes physical access, software access, and the validation of security clearances and NTK before allowing access to the system. Designating appropriately cleared personnel to act as escorts for visitors and maintenance personnel when they lack the appropriate clearance level, or NTK for the area being entered or visited, equipment being maintained, or information being processed. Reviewing or designating a knowledgeable person (a qualified and knowledgeable system user) to review the audit trail logs and records in accordance with the approved SSP. When changes are planned or are required for the system, the Limited-ISSO or alternate is responsible for: Initiating a revision to the SSP Submitting the revision to the Information Systems Security Ensuring sufficient lead-time for the reauthorization process to be completed before the revision is implemented for classified operations. Ensuring audit trail logs and records and review documentation are maintained and retained in accordance with the SSP Briefing authorized IS users of their individual responsibilities for safeguarding classified information and the use and protection of the equipment authorized for classified operations. Each IS user and supported person must be briefed before being granted access to an accredited IS and at least annually thereafter. These briefings will include, but are not limited to: The need for sound security practices for protecting information handled by the IS, including all input, storage, and output products. The specific security requirements associated with the IS. The security reporting requirements and procedures in the event of a system malfunction or other security incident. Maintaining an inventory of all approved hardware and software. Coordinating with the ISSM, through the assigned ISSO, to prepare and obtain approval for applicable SSPs before processing any classified information. Reporting any of the following, through the assigned ISSO, to the ISSM: All security incidents or suspected violations of approved procedures. System failure preventing sanitization of system memory or removal of classified information from an IS. Any deviations from approved procedures or knowledge of anything that could result in the compromise of classified information. Obtaining approval from the ISSM before allowing any changes to the system configuration requiring a system SSP update. Obtaining approval from the ISSM when there is a need to connect undocumented test equipment to approved systems while in a classified mode. STIG Checklist Researches, analyzes and compiles technical data to support the integration of security and resiliency into products and services throughout the lifecycle of the product/service to meet all applicable certifications and customer requirements Researches, collects, interprets, tests, and analyzes technical data for system-level product security concepts in the projected operational environments to optimize effectiveness over the program lifecycle Performs product security risk/attack surface/vulnerability analyses and security audits of applications and application stacks of various provenances. Analyzes, triages, aggregates, escalates, and reports relevant product security and anti-tamper data and other information sources for attack indicators and potential security breaches Correlates and performs trend analysis. Analyzes malware and attacker tactics to improve detection capabilities. Prepares and presents technical reports and briefings

#J-18808-Ljbffr