Information Systems Security Analyst (ISSA) - Naval Surface Warfare Center

Description

The Information Systems Security Analyst (ISSA) provides cybersecurity and information assurance support to the Naval Surface Warfare Center (NSWC). The ISSA is responsible for protecting Government information systems by applying cybersecurity principles, risk management processes, and technical security controls across the system life cycle. This role supports the confidentiality, integrity, and availability of Navy networked systems and mission-critical environments.

Cybersecurity Expertise

The ISSA shall possess demonstrated knowledge and experience in the following cybersecurity domains:

• Cybersecurity principles, threats, vulnerabilities, and risk management processes
   
• Encryption algorithms, including but not limited to:
   
  • Internet Protocol Security (IPSEC)
     
  • Advanced Encryption Standard (AES)
     
  • Generic Routing Encapsulation (GRE)
     
  • Internet Key Exchange (IKE)
     
  • Message Digest 5 (MD5)
     
  • Secure Hash Algorithm (SHA)
     
  • Triple Data Encryption Algorithm (3DES)
     
• Data backup and recovery concepts and tools
   
• Disaster recovery and continuity of operations planning (COOP)
   
• Host and network access control mechanisms, including Access Control Lists (ACLs)
   
• Incident response and handling methodologies
   
• Intrusion detection methodologies and techniques
   
• Network traffic analysis methods
   
• Network protocols, including TCP/IP and the OSI model
   
• System and application security threats and vulnerabilities, including:
   
  • Buffer overflow
     
  • Cross-site scripting (XSS)
     
  • SQL injection
     
• Security architecture concepts and enterprise architecture reference models
   
• National and international cybersecurity laws, regulations, policies, and ethics
   
• Awareness of current and emerging threats and threat vectors
   
• Understanding of enterprise incident response programs, including roles and responsibilities
   
• Penetration testing principles, tools, and techniques
   

Technical Proficiency

The ISSA shall demonstrate technical expertise in the following areas:

• Computer networking concepts, protocols, and security methodologies
   
• System performance and availability monitoring
   
• System software and organizational design standards, including ISO guidelines
   
• System life cycle management principles, including software security and usability
   
• System and server administration and systems engineering concepts and methods
   
• Server and client operating systems
   
• Network security architecture concepts, including topology, protocols, and defense-in-depth strategies
   
• Network systems management principles and tools
   
• Basic system administration, network, and operating system hardening techniques
   
• Cloud computing service and deployment models, including:
   
  • Software as a Service (SaaS)
     
  • Infrastructure as a Service (IaaS)
     
  • Platform as a Service (PaaS)
     
• Cloud security strategy and architecture
   
• Data security standards, including protection of:
   
  • Personally Identifiable Information (PII)
     
  • Payment Card Information (PCI)
     
  • Protected Health Information (PHI)
     

Leadership and Management

The ISSA shall demonstrate experience and knowledge in the following leadership and governance areas:

• Information security program management and project management principles
   
• Resource management principles and techniques
   
• Risk management processes, including risk assessment and mitigation
   
• Secure acquisitions, including:
   
  • Contracting duties
     
  • Secure procurement practices
     
  • Supply chain risk management
     
• Information technology supply chain security and risk management
   
• Knowledge of applicable laws, statutes, Presidential Directives, and guidelines related to cybersecurity and privacy
   
• Understanding of organizational risk tolerance and risk management approaches
   
• Familiarity with critical IT procurement requirements
   

Key Responsibilities

• Support the security of NSWC information systems throughout the system life cycle
   
• Assist in identifying, assessing, and mitigating cybersecurity risks
   
• Support incident response, vulnerability management, and security monitoring activities
   
• Ensure compliance with applicable DoD, Navy, and Federal cybersecurity requirements
   
• Coordinate with system owners, engineers, and Government stakeholders
   
• Contribute to security documentation, assessments, and continuous monitoring activities

Requirements

• Four (4) years of experience in Cybersecurity
   
• Demonstrated experience supporting information systems in a DoD, Navy, or Federal environment
   
• Experience applying cybersecurity policies, standards, and best practices across enterprise IT systems