Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Careers At CISA
  3. Systems Security Analyst
Share:

Careers

  • Benefits & Perks
  • HireVue Applicant Reasonable Accommodations Process
  • Hiring
  • Resume & Application Tips
  • Students & Recent Graduates
  • Veteran and Military Spouses

Systems Security Analyst

CISA Systems Security Analyst

This role is responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security.

Personnel performing this work role may unofficially or alternatively be called:

  • Information Assurance Security Officer
  • Information Assurance Operational Engineer
  • Information Systems Security Engineer
  • Information Systems Security Manager
  • Information Systems Security Officer (ISSO)
  • Network Security Vulnerability Technician (NSVT)
  • Information Security Analyst / Administrator
  • Security Analyst
  • Security Engineer
  • Information Technology Specialist
  • Computer Specialist
  • System Engineer
  • Systems Security Analyst
  • Cybersecurity Specialist / Analyst
  • Senior Information Technology Systems Analyst
  • Network Field Operations

Skill Community: Cybersecurity
Category: Operate and Maintain
Specialty Area: Systems Analysis
Work Role Code: 461

Core Tasks

  • Analyze and report organizational security posture trends. (T0469)
  • Analyze and report system security posture trends. (T0470)
  • Apply security policies to meet security objectives of the system. (T0016)
  • Assess adequate access controls based on principles of least privilege and need-to-know. (T0475)
  • Assess all the configuration management (change configuration/release management) processes. (T0344)
  • Assess the effectiveness of security controls. (T0309)
  • Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements. (T0462)
  • Ensure all systems security operations and maintenance activities are properly documented and updated as necessary. (T0085)
  • Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level. (T0088)
  • Implement security measures to resolve vulnerabilities, mitigate risks and recommend security changes to system or system components as needed. (T0485)
  • Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation. (T0489)
  • Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative. (T0499)
  • Plan and recommend modifications or adjustments based on exercise results or system environment. (T0187)
  • Properly document all systems security implementation, operations and maintenance activities and update as necessary. (T0194)
  • Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities. (T0526)
  • Verify and update security documentation reflecting the application/system security design features. (T0243)
  • Verify minimum security requirements are in place for all applications. (T0508)

Core Competencies

  • Computer Network Defense
  • Data Privacy and Protection
  • Encryption
  • Identity Management
  • Information Assurance
  • Information Systems/Network Security
  • Information Technology Assessment
  • Infrastructure Design
  • Legal, Government, and Jurisprudence
  • Operating Systems
  • Risk Management
  • Software Development
  • System Administration
  • Systems Integration
  • Systems Testing and Evaluation
  • Telecommunications
  • Vulnerability Assessment

Core Knowledge

  • Skill in assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.). (S0147)
  • Knowledge of Personally Identifiable Information (PII) data security standards. (K0260)
  • Knowledge of Personal Health Information (PHI) data security standards. (K0262)
  • Knowledge of encryption algorithms. (K0018)
  • Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML). (K0056)
  • Skill in developing and applying security system access controls. (S0031)
  • Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). (K0044)
  • Knowledge of an organization's information classification program and procedures for information compromise. (K0287)
  • Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). (K0049)
  • Knowledge of security system design tools, methods, and techniques. (K0075)
  • Knowledge of security management. (K0276)
  • Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. (K0027)
  • Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). (K0061)
  • Knowledge of embedded systems. (K0322)
  • Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs. (K0333)
  • Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures. (K0267)
  • Knowledge of operating systems. (K0060)
  • Knowledge of information technology (IT) risk management policies, requirements, and procedures. (K0263)
  • Knowledge of software engineering. (K0082)
  • Knowledge of various types of computer architectures. (K0227)
  • Knowledge of configuration management techniques. (K0275)
  • Knowledge of installation, integration, and optimization of system components. (K0035)
  • Skill in designing the integration of hardware and software solutions. (S0024)
  • Knowledge of systems security testing and evaluation methods. (K0290)
  • Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing). (K0093)
  • Knowledge of how to use network analysis tools to identify vulnerabilities. (K0339)
  • Skill in evaluating the adequacy of security designs. (S0036)
  • Skill in assessing security systems designs. (S0141)
  • Skill in recognizing vulnerabilities in security systems (e.g., vulnerability and compliance scanning). (S0167)

How To Apply

Join the Mission! CISA is always searching for diverse, talented and highly motivated professionals to continue its mission of securing the nation's critical infrastructure. CISA is more than a great place to work; our workforce tackles the risks and threats that matter most to the nation, our families and communities.

Please visit USAJOBS and/or the DHS Cybersecurity Service to view job announcements and apply to positions. Be sure to tailor your resume to the specific job announcement, attach relevant documents and complete all required assessments.

When applying for this cyber role, please review the information above and update your resume to align your experience with the listed competencies. Your resume must also show demonstrated IT-related experience in:

  • Attention to Detail
  • Customer Service
  • Oral Communication
  • Problem Solving

To receive email notifications when new CISA positions are announced, set up a "saved search" on USAJOBS with keyword "Cybersecurity and Infrastructure Security Agency."

Individuals eligible for special hiring authorities may also be considered during CISA's one-stop hiring events or by emailing Veterans@cisa.dhs.gov or Careers@cisa.dhs.gov.

APPLY NOW

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback