INFORMATION SYSTEM ANALYST
The purpose of this contract is to support the Mine Safety and Health Administration (MSHA) in providing Information Security Support Services, with the mission of protecting the safety and health of the nation's miners. The MSHA Standardized Information System (MSIS) is a Web-based application hosted on WebLogic. A Data Warehouse Oracle database resides on another Oracle Sun Server, with Oracle data files residing on an EMC SAN-attached storage device. The MSIS eGov forms are external-facing and are used by the public to submit forms to MSHA electronically.
MSHA requires information security analysis, auditing, and operation support.
- Perform system vulnerability scanning and/or penetration testing in an effort to annually monitor and mitigate security vulnerabilities for MSHA’s major application. The contractor shall monitor and review system/audit logs for potential security violations, and prepare and submit all required reports to the ISSO.
- Coordinate Information Systems and Security and Privacy Awareness (ISSPA) training and role-based training activities for MSHA users.
- Research and evaluate vendor demos and white papers, and attend seminars, to evaluate new and existing technologies for the business benefit of MSHA. Provide unbiased appraisals of technologies in order to assist in MSHA's missions.
- Remain up to date on the latest state-of-the-art Information Technology (IT) Security tools in order to brief federal staff and possibly incorporate the latest tools into MSHA’s arsenal.
- Bachelor's degree in Computer Science or IT fields
- Over 4 years of experience in IS analysis
- Familiarity with a variety of the IT security field’s concepts, best practices, policies, and procedures.
- Extensive experience in network, database and web application security.
- Knowledgeable of the National Institute of Standards and Technology Special Publications.
- Working knowledge of vulnerability scanning and monitoring.
- In depth knowledge of application, data, and web security.
- Knowledgeable in Windows and Sun Solaris server operating systems.
- Knowledgeable of Oracle database systems. Understanding of the Privacy Act of 1974.
- Excellent verbal, written, and presentation skills.
- Deep understanding of TCP/IP internetworking principles.
- Familiarity with various web application attack methods including DDoS, buffer overflows, and brute force techniques, among others.
- Security+
- Other relevant certs - CISSP, CEH