Address
Form of workBachelor's degree or equivalent experience
Minimum Experience
6
Summary
The Senior Security Analyst independently provides technical and analytical support for the Board's computer security systems. Monitors current security systems to control access to systems and detects and reports violations. Develops new security measures as needed.
Duties and Responsibilities
- Manages, maintains, documents and enhances security tools, such as ACF2, which is used to control access to the Board's centralized computer resources, the Ace security server, which is used to control access to the Board's computer resources from telephone lines, Lotus Notes, Windows, firewalls, RAS Enterprise, and other tools as the Board uses them to safeguard the FR System's information resources.
- Monitors ACF2, firewall, and other security reports regularly. Checks for and researchers violations. Informs appropriate management of any violations.
- Analyzes and assesses hardware and software to provide security fro PCs, mainframes, local and wide area networks, voice/data systems, etc. Conducts complex security risk assessments, risk certifications, software security reviews, based on FISMA requirements, changes in legislation, professional security standards, and business requirements. Recommends tools, policies and procedures to protect Board computers.
- Supports the System Information Security Officers, the Board's Information Security Committee, the security liaison officers, and the security administrator by serving on task forces and subcommittees, preparing reports and other supporting documents.
- Identifies and analyzes emerging technology for impact on Board security issues.
- Leads technical projects. Reviews the quality, accuracy, and documentation of technical work performed by other analysts. Delegates work and reviews resource utilization and project status, design approach and final products.
- Recommends emerging security systems and assesses their impact on the Board and System information systems architecture and strategic directions.
- May assist the Manager in performing supervision of project staff. Performs on-going resource allocation and assignments in order to accommodate priorities. Participates in the development of short and long-range requirements. ,Prepares input to the unit's budget and operating plan and provides technical information to others as requested.
FR-27 Minimal Qualifications
Requires excellent analytical ability and oral and written communication skills typically acquired by completion of a Bachelor's Degree in computer science or related discipline. Requires a minimum of 7 years experience working with computer security systems. Possesses expertise in emerging technologies.
FR-28 Minimal Qualifications
Requires excellent analytical ability and oral and written communication skills typically acquired by completion of a Bachelor's Degree in computer science or related discipline. Requires 8 years-experience in working with computer security systems. Requires a mastery of technical knowledge of the functions and interrelationships of the major components of automation systems and technologies, including telecommunications, operating systems, and data base management systems. Possesses expertise in emerging technologies.
Remarks:
The security architect (ICAM Architect) participates, collaborates, and contributes towards the planning, architectural design, policies, principles for network, apps/workload, device/endpoint, data, and operations of ICAM solutions. Work assignments may involve enhancing various forms of Enterprise-level Identity Systems, directories, and databases. The candidate may assist on security frameworks used for multifactor authentication, single sign-on, and the overall ICAM solutions while working with many other IT teams. Work closely with security assessment teams to ensure compliance with ICAM security standards. May work on projects related to zero trust, identity, authentication, and access management in a hybrid cloud environment. Directs the execution of the planning and implementing of architectural design, strategy, policies, principles for network, apps/workload, device/endpoint, data, and operations of ICAM solutions. Directs and/or provides technical and analytical support for the Board's computer security systems. Independently plans and implements the cybersecurity initiatives, such as Cybersecurity Executive Order directives including Zero Trust Architecture. Mentors more junior staff and/or participates in work assignments may involve enhancing various forms of Enterprise-level Identity Systems, directories, and databases as well as security frameworks used for multifactor authentication, single sign-on, and the overall ICAM solutions across the enterprise. Job involves independent research, implementations, and daily operational assignments. Strong communication (written and verbal) and interpersonal skills are essential.
Previous large-scale architecture and engineering experience with increasing responsibilities over your career. Extensive experience as a systems engineer, architect, or consultant in a government environment. Hands on experience with identity and access management technologies from leading vendors including Microsoft, Saviynt, SailPoint, CyberArk, Entra ID, Azure AD, and Okta. Knowledge of and experience with architecting solutions adhering to Credential, and Access Management (ICAM) policies, directives, and standards. Experience in the decomposition of requirements, use cases, and needs into a technical design, applying user-centric and test-driven design approaches. Demonstrated ability to work successfully in a team and independently. Self-motivated, innovative thinker with experience developing and managing a system roadmap or enhancement plan/backlog. Strong attention to detail; highly organized. Deep understanding of both cloud and on-premises infrastructure concepts, including compute resources, networking, security, load balancing, operating systems (Linux and others), web and application servers, databases, and storage. Understanding of how to architect a system for high availability and fault tolerance. Strong oral and written communication skills with the ability to tailor your messaging to technical and non-technical audiences.
Understanding of credentials, authentication and authorization principles and design alternatives. Experience implementing Windows for Hello for Business, FIDO2 authenticators, and YubiKeys for Multifactor authentication. Diverse technical experience with Active Directory, LDAP, NLTM, Kerberos, federation assurance, Azure Active Directory, identity management, privileged accounts, application development methods, cloud security, Microsoft Office 365, and security operations. Knowledge of Domains, Forests, and organizational units (OUs) along with secure object store, users, computers, and groups in a hybrid cloud environment. Experience with integrating ICAM solutions such as IGA with data access governance tools (DAG) and data catalog solutions.
Highly Desirable:
7 years of work experience as an Enterprise Architect (EA) with a focus on identity as a perimeter or related ICAM leadership role, best practice Identity Governance Administration (IGA), Identity Credentialing Access Management (ICAM) or similar experience that is directly transferable.
Security enterprise architecture mindset with business acumen
Certification and/or experience with identity governance & administration (IGA) and identity provider technologies (IdP) with Saviynt, SailPoint, Azure AD, Okta, and Entra ID, etc.
Certifications and/or Experience with Privileged Access Management (PAM) technologies including Saviynt, CyberArk, Thycotic, Symantec, etc.
Experience with FIDO2 and phishing-resistant authenticator methods such as YubiKey, windows for hello for business, etc.
Cloud Solutions Architect certifications preferred - including Azure, AWS, etc.
Certifications in CIAM, CSEIP, CISSP, or general identity management specific
Deep understanding of standards based and service-oriented architectures for Identity and Access Management (IAM)
Deep understanding of cloud capabilities for each area: Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service
Deep understanding of Zero Trust Reference Architecture
This position is hybrid, requiring a combination of telework and in-office presence in Washington, DC.
