The National Academy of Sciences, National Academy of Engineering, and National Academy of Medicine work together as the National Academies of Sciences, Engineering, and Medicine to provide independent, objective analysis and advice to the nation and conduct other activities to solve complex problems and inform public policy decisions. The National Academies also encourage education and research, recognize outstanding contributions to knowledge, and increase public understanding in matters of science, engineering, and medicine.
The mission of Information and Technology Services (ITS) is to enable the National Academies to deliver the highest quality products to its clients by providing information technology solutions to National Academies staff, study volunteers, and Academy members.
The Information Systems Security Analyst provides expertise in a broad range of Information Security disciplines. Areas of concentration include security monitoring, network-based and web application-based vulnerability scanning, anti-virus management, patch management, forensic support, and intrusion detection. Actively reviews, monitors, and tracks security alerts and threats against National Academies’ networks, and conducts vulnerability assessments.
Primary duties are related to organization-wide information technology (IT) security function(s). Performs work requiring advanced knowledge to develop new systems or approaches or modify existing systems and processes, often involving multiple phases and significant collaboration. Applies in-depth technical knowledge to independently and innovatively solve a full range of complex and sometimes unusual problems that impact organizational success. Brings industry-level expertise to function, and recommends changes to remain up-to-date or competitive. Establishes processes and procedures to ensure the effective and efficient operation of a complex function. Work is highly technical and confidential.
ESSENTIAL JOB DUTIES:
1. Monitors for malicious traffic at and beyond the network perimeter. Performs external and internal penetration tests to identify exploitable weaknesses before an attacker does, and analyzes networks to ensure the security of the National Academies’ technology infrastructure.
2. Conducts research on the latest security threats and develops Indicators of Compromise (IOCs), such as malicious domains, IP addresses, and file hashes, for detecting activity patterns and anomalies associated with infected systems.
3. Monitors and analyzes network traffic, IDS alerts, network and system logs, and available open source information to detect and report threats to the National Academies.
4. Performs forensic analysis and incident response, including security event monitoring and analysis, security incident handling, incident reporting, and threat analysis.
5. Analyzes malware in support of incident analysis and response.
6. Monitors, understands, and applies security advisories from Computer Emergency Response Team (CERT) organizations and from hardware and software vendors, and makes appropriate recommendations for protecting the National Academies’ computing infrastructure.
7. Maintains a database of newly observed malware. Detects and eradicates infections and keeps anti-virus signatures current. Triages reports to distinguish hoaxes and false positives from true incidents. Develops anti-virus policies and procedures. Assesses vulnerabilities and recommends corrective action and patches.
8. Monitors market for information security developments. Evaluates, recommends, and implements security-related products.
9. Provides technical analysis, design, and implementation support for various security applications, technologies, and products. Writes analytical reports, documents results, and makes recommendations. Conducts user education to increase staff awareness.
REQUIRED KNOWLEDGE, SKILLS, AND ABILITIES:
Technical expertise in systems administration and security tools, combined with knowledge of security practices and procedures. In-depth knowledge of and experience with TCP/IP, Microsoft operating systems, and networks. Familiarity with common scripting languages such as Perl and/or Python. Understanding of common malware concepts such as x86 control flow, PE headers, DLL interactions, and API hooking. Ability to analyze PCAP data to identify security anomalies, session flow information, and threat indicators associated with command-and-control (C2) traffic and malware infections, as well as to troubleshoot networks.

Ability to solve intellectual problems of substantial variety and complexity using originality and ingenuity. Ability to serve as a resource to others in the resolution of complex problems. Ability to use substantial latitude for independent decision making and action. Experience working in complex environments with a high degree of organizational effectiveness. Ability to work successfully in a team environment. Ability to develop relationships with co-workers and employees in other National Academies’ departments. Excellent communication skills with a proven ability to interact effectively with all levels of employees.
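As an illustration of what the IOC-development duty (duty 2) and the PCAP-analysis requirement above look like in practice, the following is an added example; it is not part of the original posting and not National Academies tooling. It assumes flow summaries of the kind an analyst derives from a PCAP or a Zeek-style connection log (timestamp, source, destination, port, bytes out, resolved name), embedded inline as constructed data, and an IOC set whose domains, addresses and host names are all made up for the example. It runs IOC matching over the flows and, separately, a beaconing heuristic that flags near-periodic connections to a destination that no IOC yet names.

```python
"""IOC matching and beacon detection over constructed network-flow records.

Added example, not code from the original posting. All addresses, names and
IOC values below are constructed; IPs come from the RFC 5737 documentation
ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).
"""
from __future__ import annotations

import statistics
from collections import defaultdict
from dataclasses import dataclass

# Constructed IOC set, in the shape an analyst would produce from threat research.
IOCS = {
    "domains": {"update-check.example-bad.net"},  # exact name or any subdomain of it
    "ips": {"203.0.113.77"},
}

# Constructed flow summaries (tab-separated): ts, src, dst, dport, bytes_out, name.
# 10.0.0.12 calls 198.51.100.9 every ~60 s (no IOC covers it yet);
# 10.0.0.30 browses normally but touches one known-bad host once.
FLOWS = """\
1700000000\t10.0.0.12\t198.51.100.9\t443\t512\tcdn.example-bad.net
1700000061\t10.0.0.12\t198.51.100.9\t443\t518\tcdn.example-bad.net
1700000119\t10.0.0.12\t198.51.100.9\t443\t509\tcdn.example-bad.net
1700000180\t10.0.0.12\t198.51.100.9\t443\t515\tcdn.example-bad.net
1700000241\t10.0.0.12\t198.51.100.9\t443\t511\tcdn.example-bad.net
1700000005\t10.0.0.30\t192.0.2.50\t443\t2048\twww.example.com
1700000007\t10.0.0.30\t203.0.113.77\t80\t300\tupdate-check.example-bad.net
1700000400\t10.0.0.30\t192.0.2.50\t443\t91000\twww.example.com
1700000950\t10.0.0.30\t192.0.2.50\t443\t1200\twww.example.com
"""


@dataclass(frozen=True)
class Flow:
    ts: int
    src: str
    dst: str
    dport: int
    bytes_out: int
    name: str  # resolved destination name, or "-" when unknown


def parse_flows(text: str) -> list[Flow]:
    """Parse tab-separated flow summaries; blank and '#' lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes, name = line.split("\t")
        flows.append(Flow(int(ts), src, dst, int(dport), int(nbytes), name))
    return flows


def match_iocs(flows: list[Flow], iocs: dict) -> list[tuple[Flow, list[str]]]:
    """Return (flow, reasons) for every flow touching a known-bad IP or domain.

    Domain IOCs match the exact name and any subdomain of it, which is how
    analysts usually want a domain indicator applied.
    """
    hits = []
    for f in flows:
        reasons = []
        if f.dst in iocs["ips"]:
            reasons.append(f"dst ip {f.dst}")
        if f.name != "-" and any(
            f.name == d or f.name.endswith("." + d) for d in iocs["domains"]
        ):
            reasons.append(f"domain {f.name}")
        if reasons:
            hits.append((f, reasons))
    return hits


def detect_beacons(flows: list[Flow], min_conns: int = 4, max_jitter: float = 0.15):
    """Flag (src, dst, dport) groups whose inter-arrival times are nearly constant.

    Jitter is the coefficient of variation (stdev / mean) of the gaps between
    connections; malware check-ins cluster tightly, ordinary browsing does not.
    Returns a list of (key, mean_gap_seconds, jitter).
    """
    groups: dict[tuple[str, str, int], list[int]] = defaultdict(list)
    for f in flows:
        groups[(f.src, f.dst, f.dport)].append(f.ts)
    beacons = []
    for key, stamps in groups.items():
        if len(stamps) < min_conns:
            continue  # too few samples to call a pattern periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.fmean(gaps)
        if mean == 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            beacons.append((key, round(mean), round(jitter, 3)))
    return beacons


if __name__ == "__main__":
    flows = parse_flows(FLOWS)
    for f, why in match_iocs(flows, IOCS):
        print(f"IOC hit: {f.src} -> {f.dst}:{f.dport} ({', '.join(why)})")
    for key, gap, jitter in detect_beacons(flows):
        print(f"beacon: {key[0]} -> {key[1]}:{key[2]} every ~{gap}s (jitter {jitter})")
```

The two checks are deliberately complementary: the IOC pass catches only what research has already named (here the one contact with update-check.example-bad.net), while the beacon pass surfaces the host checking in every minute to an address on no list, which is the kind of finding that then becomes a new IOC under duty 2. Thresholds such as `min_conns` and `max_jitter` are starting points to tune against the local baseline, not fixed values.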