The Security Analyst must have a diverse background in information security and have direct experience building and managing a mid-large information security program. This position requires strong communication and interpersonal skills, strong knowledge of risk management and security techniques. Individual must also have a strong understanding of network architecture, application and database security. Knowledge of applicable regulatory requirements and working experience with ISO2700X series, NIST series and Cobit standards is mandatory.
Maximum Hourly Rate: $128.00 / hr.
Information to Remember:
- Vendors may submit candidates with a lower hourly rate. Cost makes up 30% of the total score for proposed candidates.
- You can only select a single candidate for each request, regardless of dollar amount and/or the number of vendors you advertise to.
- The dollar amount of your contract will determine the number of vendors you are required to advertise to and the number of resumes you may request for review.
- Contracts $100,000 or under:
- Option A: You must select only one vendor, and will receive one resume to review.
- Option B: You may select up to five vendors and request up to three resumes from each vendor.
- Contracts over $100,000
- Option C: You must advertise to a least five vendors. You may select up to three resumes from each vendor.
Minimum Program Requirements
The vendors shown below offer resources that meet these minimum requirements:
- B.S. or B.A. Degree with five years Security Analyst experience, or a two-year Associate Degree with 12 yrs Security Analyst experience, in a mid to large size organization
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) Professional (CBAP) or degree program with focus on security
- Three engagements lasting more than six months in Security Analyst role
- Three engagements that the Security Analyst role exceeded $125,000
the following roles are available for Security Analysts. Please include the desired role in your request:
- Business Continuity Analyst: Responsible for developing business continuity plans, providing assistance in evaluating and recommending methods for planning the recoverability of priority services and applications. Certified Business Continuity Professional (CBCP)
- Computer/Data Forensics: Computer forensic investigation including tasks ranging from forensic imaging and analysis of computer activity to online investigations of internet websites and data recovery. Tools and investigative techniques are used to capture security incidents based on data and memory artifacts of a variety of devices.Additional skills and experience include technical expertise, tools, forensic methodology, and data storage.
- Disaster Recovery Planner: Responsible for developing disaster recovery plans for state systems and applications. Certified Business Continuity Professional (CBCP). Experience and skills in recovery strategies, analytical problem solving, cost benefits, data summary and documentation.
- Identity and Access Management Administrator: Experience and skills in access control, documentation, training, analytical problem solving, communication skills and research.
- Identity and Access Management Engineer: Experience and skills in UNIX administration, SiteMinder/Identity Manager, Sun Java Directory, LDAP Directory configuration, Microsoft ILM and Active Directory, problem solving and communications.
- LDRPS: Experience and skills in administering business continuity planning software, Certified Business Continuity Professional (CBCP)
- Network Forensics: The Network Forensics Security Analyst conducts tasks ranging from analyzing logs of network devices and firewalls to examining network flow data and packet captures. The position uses tools and investigative techniques to document the network traffic level details of security incidents based on data and logs from a variety of device as well as from packet captures. Experience and skills in technical expertise with networking protocols, routers, switches, firewalls, IDS/IPS; gathering and analysis of evidence, determining root causes; data storage for evidentiary data collection.
- Security Analysis Generalist : Experience and skills in planning, designing security policies and standards, gap analysis, executing projects and governance processes, creating and delivering reports and presentations.
- Security Architect: Provides technical security assistance with the design, installation, operation, service and maintenance of a variety of information systems. The security architect handles the complex and detailed technical work necessary to establish appropriate and reasonable security controls based on the needs of the business and organizational security requirements. Experience and skills in technical, integration and compliance support.
- Security Incident Management: Leads the response to security incidents that affect the confidentiality, integrity or availability of systems, services or data within the contracting government entity. Incident Management is responsible for the implementation and administration of incident management systems and processes to protect the data and information infrastructure for the contracting government entity as required in the Enterprise Security Incident Management Standard. Review of incident investigation processes, including isolation, eradication and recovery within the contracting government entity. Conduct investigations of security incidents in the contracting government entity and participates in the process for incident follow-up including communications, out-of-band reporting and working with compliance groups to ensure adequate measures have been taken to prevent recurrence.Experience and skills in technical expertise, pre-incident preparation, incident recording and validation, and data storage.
Vendors that offer Security Analyst candidates: