Lead Security Analyst - Tallahassee, United States - Global Information Services

Description

Please DO NOT Apply unless YOU:

1) Are available to Start in June/July 2024 and work 100% on-site from day one.
2) have all the Required skill set and have worked as a "Lead Security Analyst (CEH, CISSP, CISA, CISM, CCNP, CCIE Security, GCIA)" in a large & Complex IT Environment. Prefer Public Sector Environment
3) can meet the min required experience
At least years of experience using information security tools to identify vulnerabilities in custom application code, commercial software, system configurations, and networks such as vulnerability scanners, endpoint detection and response (EDR) platforms, security information and event management (SIEM) solutions, firewalls, port scanners, intercept proxies, log parsers, IDS/IPS solutions etc.
At least years of combined IT, network, and security work experience with a broad range of exposure such as systems analysis, digital forensics, networking, web filters, web application vulnerability assessments, application development, database design, and/or system administration.
Experience in working with third parties to coordinate, monitor, respond to and coordinate cybersecurity threats, incidents, mitigations, and response cycles.
Experience creating, modifying, and analyzing scripts such as PowerShell and Python.
Experience creating policy, procedure, and working documents at a high level of proficiency.
Ability to communicate technical information to broad audiences verbally and in writing.
Ability to establish and maintain effective working relationships with cross functional teams.
Experience working independently and as a project team member in security administration.
Ability to contribute to the capability development and team rapport of the Department s Security Operations Center.
Experience working in a NIST Cybersecurity Framework aligned security program.
Hold active information security certifications such as: CEH, CISSP, CISA, CISM, CCNP, CCIE Security, GCIA etc.
Experience in IT security related to application development and code reviews.
Experience as a project team leader in security administration.
Experience creating automated processes.
Experience leveraging artificial intelligence in attack detection, analysis, and response processes.
Knowledge of the MITRE ATT&CK framework.
4) can provide at least 3 verifiable experience ((i.e., names, e-mail addresses, phone numbers of contact person(s), description of work performed, dates of hire, etc.) from completed and/or substantially completed jobs that closely match this request + fill out a skill Matrix
5) can agree to provide a criminal history record check. The Criminal history record checks must be conducted through the state crime bureau in each state where the consultant indicates residence, employment, education and/or training over the past ten years. YOUR STATUS WILL ALSO BE VERIFIED USING E-VERIFY SYSTEM.
6) Are able to sign a form stating submission with our company, current with Child Support obligations and Tax obligations.
7) Can come for a Mandatory F-2-F interview at your own cost OR agree to a MS Teams interview if out of town candidate.
8) have a Competitive Rate

s and those authorized to work in the US are encouraged to apply. We are unable to sponsor H1b candidates at this time.NOTE: GIS will utilize the U.S. Department of Homeland Security's E-Verify system to verify the employment eligibility of all persons employed during the term of the ContractNote to Consulting Companies : ANY CONSULTANT S RESUME YOU SEND ME MUST BE ON YOUR COMPANY S PAYROLL, NO H1-VISA TRANSFER, NO PRO-MARKETING, NO SISTER COMPANY RESUMES. The resume should have the DIRECT contact info and email of the candidate otherwise the candidate will NOT be considered. ALL H1 candidates including those onWOULD need to provide I-797 (no exceptions).

Each staff member assigned to this project must have a background screening that is equivalent to a Level Two (2) screening standard.

This is a fixed fee/hourly based project which is inclusive of travel, lodging, per diem expenses and all other costs associated with the completion of the associated tasks.

Education/Certifications
All Consultants must have earned a bachelor s degree in Computer Science, Management Information Systems (MIS), or other technology related field or equivalent work experience of one (1) year relevant
experience for each year of education required.

Scope of Work
Required consultant experience provided by Contractor, shall include:
At least years of experience using information security tools to identify vulnerabilities in custom application code, commercial software, system configurations, and networks such as vulnerability
scanners, endpoint detection and response (EDR) platforms, security information and event management (SIEM) solutions, firewalls, port scanners, intercept proxies, log parsers, IDS/IPS solutions etc.
At least years of combined IT, network, and security work experience with a broad range of exposure such as systems analysis, digital forensics, networking, web filters, web application vulnerability assessments, application development, database design, and/or system administration.
Experience in working with third parties to coordinate, monitor, respond to and coordinate cybersecurity threats, incidents, mitigations, and response cycles.
Experience creating, modifying, and analyzing scripts such as PowerShell and Python.
Experience creating policy, procedure, and working documents at a high level of proficiency.
Ability to communicate technical information to broad audiences verbally and in writing.
Ability to establish and maintain effective working relationships with cross functional teams.
Experience working independently and as a project team member in security administration.
Ability to contribute to the capability development and team rapport of the Department s Security Operations Center.
Experience working in a NIST Cybersecurity Framework aligned security program.

Preferred Experience:
Hold active information security certifications such as: CEH, CISSP, CISA, CISM, CCNP, CCIE Security, GCIA etc.
Experience in IT security related to application development and code reviews.
Experience as a project team leader in security administration.
Experience creating automated processes.
Experience leveraging artificial intelligence in attack detection, analysis, and response processes.
Knowledge of the MITRE ATT&CK framework.

Required Duties and Responsibilities of Consultant shall include but are not limited to:
Performs security assessments of new technologies, new applications, workstations, networks, and network devices prior to implementation.
Develops scripts, tools, and methodologies to enhance testing and analysis processes.
Assesses servers and workstations for configuration hardening.
Provides guidance on vulnerability mitigation, non-compliance, and identification and remediation of malware infestations.
Gathers and analyzes Open-Source Intelligence (OSINT) to find information disclosures and assess the Department s environment for indicators of compromise.
Communicates methods employed and findings upon completion of assessments.
Performs regular vulnerability scans and prioritizes remediations.
Submits remediation tickets to the responsible technical teams, tracks the progress to closure as per SLAs, and validates the results.
Supports monitoring, auditing functions, and application testing with creation of test plans, functional testing and identify system vulnerabilities.
Enforces security policies and procedures by administering and monitoring security profiles, reviews security violation reports, and investigates possible security exceptions, updates, and maintains and
documents security controls.
Prepares status reports on security matters to develop security risk analysis scenarios and response procedures.
Provides direct support to the business and IT staff for security related issues.
Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues.
Address internal and external audits with supporting audit logs.
Creation and maintenance of security related documentation.
Security support off-hours work as required, including weekends, holidays, and 24/7 on call responsibilities.

Work Timeframes
The selected individuals will occupy a full time position, working up to 40 hours per week. Standard work times will be (or approximately) standard business hours (8a 5p Monday-Friday). Due to new hardware installations, upgrades and maintenance, weekend and/or after hours work may be required on an exception basis. We do not anticipate overtime, but if required, the pay would be the hourly rate, not time and a half.

"When replying please make sure to list your (All Inclusive) Compensation requirements ".

Note : This is a Full Time ON SITE Contract Position with NO REMOTE options allowed

# of positions = 1

ESTIMATED Start date : June/July 2024

No phone calls please.
Local Citizens are encouraged to Apply
No relocation assistance provided.
ONLY Candidates with an exact match will be contacted
Candidates should be authorized to work in the US.