Cyber Security Analyst

SEMCON provides a highly qualified, professional, and responsive technical and managerial workforce to satisfy customer requirements that support the Federal Aviation Administration (FAA)’s mission, vision, goals. SEMCON's company culture aligns enriching career experiences, growth opportunities, and collaborative engagement for all SEMCON employees resulting in a company value being greater than the sum of our parts.

We are in search of a Cyber Security Analyst to join our team working at the William J. Hughes Technical Center to conduct and analyze security assessments, perform Information Systems Security (ISS) monitoring and event detection for FAA National Airspace System (NAS) assets.

The Cyber Security Analysts will have knowledge, skills and experience in the following areas:

• Conducting/analyzing Security Assessments on various size information systems to include security testing using automated tools such as Nessus and HP WebInspect, collecting artifacts during the assessments, Experience conducting analysis of test data, reviewing security documents such as the SCD, SSP, ISCPs and SOPs, and other artifacts collected as part of the assessment
• Developing/analyzing Security Assessment Reports
• Ability to write and communicate effectively with Federal System Owners (SOs), Information System Security Officers (ISSOs), and ISS Assurance Managers
• Working with automated tools, including Nessus, HP WebInspect, MetaSploit, BurpSuite, App Detective, nMap, and Kali Linux
• Experience Testing systems, running NESSUS, WebInspect and analyzing results
• Knowledge of networking and various operating systems and networking devices, including Windows, Linux, Unix, and Solaris as well as Web Applications
• Knowledge of the system authorization process, including initial authorization and continuous monitoring
• Knowledge of system authorization documents, including the System Characterization Document (SCD), System Security Plan (SSP), Information System Contingency Plan (ISCP), and ISCP Test Plan/Results Report
• Knowledge of the Information Security Continuous Monitoring (ISCM) Process, including selection of appropriate system security requirements to be assessed during continuous monitoring
• Knowledge of NIST ISS Guidance and Federal Information Security (ISS) Policy, including the Risk Management Framework (RMF)
• Strong understanding, and knowledge of, NIST SP 800-53 rev 4 requirements and how-to tailor requirements based on agency security policies and directives
• Understanding of how Federal ISS requirements are applied during all phases of the system acquisition life-cycle, including acquisitions of Federally owned and operated systems, and Vendor owned and operated systems
• Understanding and knowledge of the FAA National Airspace System (NAS) and NAS operations
• Understanding and knowledge of NAS technical operations maintenance processes and procedures
• Understanding and technical knowledge of air traffic controls systems, including communications, navigation, surveillance, and automation systems

Excellent organizational, verbal/written communication and presentation skills are a must. Familiarity, understanding and knowledge of the FAA National Airspace System (NAS) and NAS operations is desired.

A US Associate’s Degree in a technical field, such as Engineering, Computer Science or Cybersecurity plus Security related certification (CISSP, GCED, CASP, CISA) and 5+ years of relative work experience is required, along with the ability to obtain a Secret Level Security Clearance.

SEMCON offers a competitive salary and complete benefits package which includes health benefits (medical, dental, vision, and life), 401K with a generous employer match, paid time off, and paid holidays.