Position Classification Title: R&D Info Security Analyst,Assc
Position Classification Code: M4007
Job Family: Information Technology
Pay Level: 10
Exempt Status: Exempt
This description is intended to describe the general nature of the work being performed. It is not intended to be a complete list of specific duties of any particular position. Duties, responsibilities and bargaining unit eligibility may vary based on the specific tasks assigned to the position.
Purpose of Classification:
Provide advanced technical support for Information Assurance theoretical and technology assessments of Computer Network Operations. Monitors, evaluates, and maintains systems and procedures to protect the data systems and databases from unauthorized users. Identifies potential threats and responds to reported security violations. Determines causes of security violations and recommends corrective actions to ensure data security. Possesses and applies broad knowledge of principles, practices and procedures to the completion of moderately difficult assignments.
Standard Duties:
Support information assurance certification and accreditation testing and analysis for systems to determine vulnerabilities. Support and assist Sr. Analyst with penetration testing, threat CNO testing, information assurance protect/detect/react/respond analysis and evaluation. Provides input in defining and implementing overall security strategy, policies, and procedures. Provides input on security advice and guidance to systems engineers. Provides support in performing security audits, risk analysis, and application-level vulnerability testing and reviews. Collaborates on solutions to mitigate risks and enhance system security. Researches, recommends, and implements changes to procedures and systems to enhance data systems security. Supports security projects including requirements definition, task planning, research, testing, implementation, and management. Usually works with minimum supervision, conferring with superior on unusual matters. Assignments are broad in nature, usually requiring originality and ingenuity. Has appreciable latitude for un-reviewed action or decision. Performs miscellaneous job-related duties as assigned.
Knowledge, Skills and Abilities:
Knowledge of information security and computer network access technologies. Technical knowledge of data protection and integrity, operating systems and network security, authentication, and security protocols. Knowledge of vulnerability/survivability assessments of information technologies, threat Computer Network Operations experimentation, Information Assurance certification and accreditation, research/development, and vulnerability assessments of systems. Knowledge of supporting penetration testing, threat CNO testing, IA protect/detect/ react/respond analysis and evaluation.
Skills in supporting research and development/evolution of tools, techniques and methodologies
Ability support customers in conducting information assurance certification and accreditation testing and analysis. Ability to support customers by performing security audits, risk analysis, and application-level vulnerability testing and reviews. Ability to analyze and evaluate systems and provide recommendations and solutions. Ability to collaborate on solutions to mitigate risks and enhance system security
Minimum Qualifications:
   Education- Bachelor’s degree in a related field
   Experience- No previous work experience required
   Equivalency- None
   Departmental Requirements-
   Special Requirements-