General Dynamics Information Technology is a top-tier IT integrator that provides information technology, systems engineering and professional services to customers in the defense, intelligence, homeland security, federal civil and commercial sectors. With 16,000 professionals worldwide, the company has the customer knowledge, domain expertise and proven performance to manage large-scale, mission-critical IT programs.
Schedules and conducts special security studies, analyses, surveys, or reviews of IT systems to assure that appropriate levels of safeguards exist to protect against perceived threats. Plans and directs the development of security criteria and guidelines for users of IT systems.
Assists in preparing comprehensive reviews and evaluations of software and systems design or modification proposals for identifying possible security risks that should be considered during further systems design and programming. Assists in reviewing final software installation and system plans for additional security risks not identified during proposal stages and recommends work process changes and general design and programming techniques to alleviate potential security problems.
Reviews specifications of all IT-related purchases to ensure they contain full consideration of security-related needs. Monitors progress toward enhanced security measures outlined in certifications. Investigates security incidents for cause and the most effective corrective actions. Monitors and evaluates changes that affect systems security.
Develops systems security policy, guidelines, and procedures for systems processing multiple applications that require differing, and often conflicting, security controls, and that are typically accessed by a large distributed user community. Develops or interprets policy and procedural controls covering physical security, application and data security, system software security, contingency planning, compliance with personnel clearance procedures, security education and training, and contractor security.
Establishes risk-management procedures and ensures that risk-management techniques are applied to all new or modified computer applications. Conducts technical network vulnerability and risk assessments.
Ensures the rigorous application of information security/information assurance policies, principles, and practices in the delivery of systems administration services for a major segment of an agency, such as a region or multi-state area. Resolves hardware/software interface and interoperability problems.
Develops and implements directives to implement high-level policy changes that impact technology resource requirements. Analyzes statutory requirements against existing directives to assess the degree of change necessary to comply with new requirements. Coordinates comments on revised directives as part of the review process and incorporates comments or resolves issues into the final directive. Analyzes feasibility studies, proposals, and in-depth analyses of current requirements and forecast trends for future needs. Keeps abreast of changing and emerging technology.
Requires BS/BA degree.
Requires 10-15 years of experience.
Must have knowledge and practical experience assessing and implementing FISMA compliance measures. Assists with annual FISMA reviews.
Unique/Additional Requirements: CISSP or CISM certified, or other security certification, a plus.