Writing Assignment #1
Content Analysis of Job Advertisements
IDS 493
Dr. Kat LaFever
Edwin Wells
In this paper I will perform a content analysis of job advertisements for the position of Security Analyst. Content analysis as defined in Merriam-Webster “is analysis of the manifest and latent content of a body of communicated material through a classification, tabulation, and evaluation of its key symbols and themes in order to ascertain its meaning and probable effect” (Merriam-Webster, n.d.). Security Analysts prepare and perform security measures which protect and recover an organizations computer network, data, and systems (U.S. Bureau of Labor Statistics, 2024). Performing this research is important because it affords an opportunity to analyze and understand important word trends and what those trends imply about a job. I will discuss the general job description of a Security Analyst and identify major trends within their advertisements. This analysis will provide valuable insight into the inevitable and imminent job search after graduation.
Upon graduation the job I plan to seek out is that of a Security Analyst within the United States government. Collectively the job title is Security Analyst, but Security Engineer and Security Specialist also describe the same role. Essentially, a Security Analyst will maintain and protect an organizations computer network, its data, and the systems that the company operates. A Security Analyst will do this through maintaining defenses such as firewalls, performing routine vulnerability checks, and developing best practice policies. This role is also involved with the organizations incident response plan which guides the response and recovery after a security breach.
The advertisements offer full-time positions with Apex Systems offering a long-term contract position, all of which I am willing to work. These job listing indicate very little travel with General Dynamics Information Technology listing the most travel at less than ten percent. I would be willing to travel for the job at less than ten percent of the time. Common job duties and responsibilities include managing vulnerabilities, maintaining compliance with cybersecurity standards, and maintaining documentation. Another major commonality is configuring, monitoring, and managing security measures to include vulnerability scans, firewalls, and SIEM. I have performed some of these responsibilities here at ODU through class work. I have also prepared for these responsibilities with earning several industry certifications.
The experience requirements range from 2 – 8 years of work experience. Much of the experience is preferred in Risk Management Frameworks implementation and maintenance. All job postings require the CompTIA Security+ certification or other IAT II level certifications. IAT II is Information Assurance Technician Level II with “responsibilities for performing intermediate information assurance functions such as configuring, maintaining, and troubleshooting security systems and devices, as well as conducting vulnerability assessments and analyzing system logs. Also being responsible for implementing security controls and mitigations to protect systems and data” (IAT, n.d.). I already have the CompTIA Security+ certification requirement as well as Linux+ which is required by General Dynamics. General Dynamics also requires the CISSP certification, which I currently do not poses but have made a goal for future career. All the advertisements require at least a Secret level of clearance. I do not have this requirement but much of the time companies will overlook such a requirement, thus I am not letting it bar my application. The salaries vary based on experience and role. Entry level positions start around $50,000 and $110,000 for more experienced applicants.
A common concept in the advertisements is technical knowledge. The advertisements all focus on general technical knowledge for vulnerability scans, security policies, and incident response. More specific technical knowledge about certain tools, such as NESSUS or McAfee, is beneficial to certain roles. My electronic portfolio should have technical knowledge displayed for employers to see. I can display my familiarity with specific tools through my coursework. This can be specifically done with my work in Wireshark, Nessus, and Linus systems. These will display my knowledge of specifies tools and vulnerability management. I will also display my industry certifications which show the required baseline technical knowledge.
In conducting a conceptual content analysis of job listings for Cyber Security Analyst positions, I categorized the data based on key themes to include job titles, required qualifications, salary ranges, and job locations. The analysis included three primary job listings from Apex Systems, General Dynamics Information Technology, and Zachary Piper Solutions.
Job titles and responsibilities indicate a focus on both operational and analytical roles within cybersecurity. Responsibilities across these positions commonly include maintaining compliance with government standards, performing vulnerability assessments, participating in incident response, and reviewing operations for risk management frameworks.
Qualifications for the job advertisements focus on experience and certifications. The minimum number of experienced years is 2 years ranging up to 8 years. These years are preferred with specific time dedicated to use of specific tools or implementation of frameworks. The listing also highlights the necessity for an active Secret security clearance. IAT II level industry certifications are sought after, with each listing including CompTIA Security+. Each job listing may also list other industry certifications which are specific for the role or organizations practices.
The salary ranges vary, depending on years of experience listed, greatly. The minimum salary offered is just around $50,000 annually and up to $110,000 annually. This not only reflects the number of years applicants are experienced but also increased responsibilities for the position.
All locations are listed on-site in Norfolk, Virginia. More specifically they are listed at Norfolk Naval Station. This suggests a concentrated demand for cybersecurity roles within government and defense sectors in the Norfolk, Virginia area.
As such, we can see trends requiring qualifications and certifications for cybersecurity roles, along with competitive salaries which increase with experience and specialization. The secret clearance requirements highlight the highly sensitive nature of such roles within government operations. The geographical concentration at military institutions reflects a strategic alignment with national defense priorities.
Performing content analysis of four job advertisements for the position of Security Analyst reveals important trends and insights that can be useful for future job applications. We can see that similar jobs can have different names but can vary widely in terms of requirements and pay depending on experience and job role within the organization. Despite not meeting the advertisements full job requirements I am not deterred in applying because I can meet the consistent requirements that are spread across many job listings. Many of those requirements are industrial certifications and technical knowledge. Although some might argue that the security clearance and years of experience weight heavily, it is known that many hiring managers will often look past these deficiencies. In conclusion, I now have a better understanding and increased confidence in applying for future positions as a Security Analyst knowing that I meet many of the trending requirements and preferences of hiring organizations.
References
IAT: Information Assurance Technician (DOD): Washington University. Technology & Leadership Center. (n.d.). https://tlcenter.wustl.edu/fdod/iat
Merriam-Webster. (n.d.). Content analysis. In Merriam-Webster.com dictionary. Retrieved September 25, 2024, from https://www.merriam-webster.com/dictionary/content%20analysis
U.S. Bureau of Labor Statistics. (2024, August 29). Information security analysts. U.S. Bureau of Labor Statistics. https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
Advertisement #1
Apex Systems – Cyber Security Specialist Jr
https://www.clearancejobs.com/jobs/7922904/cyber-security-specialist-jr
Today
Secret
Early Career (2+ yrs experience)
$50,000
No Traveling
IT – Security
Norfolk Naval Station, VA (On-Site/Office)•Norfolk, VA (On-Site/Office)
Title: Cyber Security Specialist Jr
Location: Norfolk Naval Station
Remote/On-site: on-site with remote flexibility on occasion
Duration: Long Term Contract
Shift: 4th shift (6pm-6am) Thursday-Saturday, then every other Wednesday
Pay: $24-28/hr (YOE Dependent)
Apply here: Please send your updated resume and certifications to Emma at emungo@apexsystems.com
Requirements:
HS Diploma or GED and 2+ years of relevant experience
Active Secret Clearance
IAT II Compliance (Sec+, CCNA Security, GICSP, GSEC, or CYSA+)
Preferred:
Experience with all or any of the following: McAfee SIEM, HBSS, Tenable, Redshift, PKI, IPS
Job Description:
Operate all aspects of Information Systems (IS) data availability, integrity, authentication, confidentiality, and non-repudiation.
Implement and monitor security measures for communication systems, networks, and provide advice that systems and personnel adhere to established security standards and Governmental requirements for security on these systems.
Perform other information security duties including operation Electronic Key Management System (EKMS), and maintenance of Public Key Infrastructure (PKI).
Operate Host Based Security System (HBSS), firewalls, Intrusion Prevention Systems (IPS), other point of presence security tools, Virtual Private Networks (VPNs), and related security operations.
Perform defensive cyber operation duties including, but not limited to, ensuring workstation and server compliancy with Marine Corps McAfee Host Based Security System (HBSS) requirements; identifying cybersecurity incidents using HBSS, Tenable SecurityCenter, RedSeal, McAfee Security Information and Event Manager (SIEM), and other automated tools; operating Imperva Web Application and Database firewalls; performing forensics and remedial action on cybersecurity incidents; reporting defensive cyber operations statistics.
Execute Government approved security policies, plans, and procedures; implement data network security measures; operate and monitor network intrusion detection and forensic systems; conduct IS security incident handling; support Continuity of Operations Plan/Disaster Recovery (COOP/DR) plans; and perform certification of IS and networks.
EEO Employer
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at employeeservices@apexsystems.com or 844-463-6178.
Advertisement #2
Apex Systems – Security Analyst
https://www.clearancejobs.com/jobs/7861434/security-analyst
Today
Secret
Early Career (2+ yrs experience)
$60,000 – $70,000
No Traveling
IT – Security
Camp Lejeune, NC (On-Site/Office)•Tampa, FL (On-Site/Office)•Norfolk, VA (On-Site/Office)
Security Analyst
Description:
Assist the Government Lead in daily tasks to ensure all systems have current Authorizations to Operate (ATOs).
Facilitate Assessment and Authorization (A&A) for Information Systems, data availability, integrity, authentication, confidentiality, and non-repudiation.
Through A&A review processes, ensure security measures are implemented for communication systems, networks, and provide advice that systems and personnel adhere to established security standards and Governmental requirements for security on these systems.
Develop and execute security policies, plans, and procedures. Initiate creation of A&A packages to support receipt of Authorizations to Operate (ATOs), collaborate with Engineers to gather required information for A&A packages and update A&A packages as required.
Perform lifecycle maintenance of A&A packages ensuring ATOs do not expire without proper updates. Update the appropriate documentation for Department of the Navy (DON) Application & Database Management System (DADMS) and Department of Defense Information Technology Portfolio Repository – Department of the Navy (DITPR-DON).
Submit Ports and Protocols with all supplemental documentation to DISA. Submit tickets to initiate action from Headquarters Marine Corps (HQMC) Command, Control, Communications, and Computers (C4) Cybersecurity Division (CY) for approval.
Ensure appropriate action is taken in a timely manner by appropriate point of contact (POC) within the A&A packages. Assist with validation of A&A packages as required by the Government.
Review and provide input for Operational Plan of Action and Milestones (POA&M) for submission to Authorizing Official (AO).
Review vulnerability scan data in Assured Compliance Assessment Solution (ACAS) and assist Engineers in documenting system vulnerabilities.
Experience with Department of Defense Information Assurance Program (DIACAP) and Risk Management Framework (RMF). Must have or be able to obtain Marine Corps Validator certification.
Requirements:
HS or GED
Secret Clearance
IAT II cert (sec+ preferred)
3 yrs experience with RMF and relevant experience
Advertisement #3
General Dynamics Information Technology – Cyber Security Analyst
Own your opportunity to work with the largest government agency in the nation. Make an impact by advancing the Department of Defense’s mission to keep our country safe and secure.
Job Description
Cyber Security Analyst-
The Analyst shall operate and maintain the ACAS solution, to support network and application scanning and ensure configuration assessments are conducted and incidents are resolved in accordance with the incident response table and client SOPs.
Familiar in the utilization of Tenable NESSUS Assured Compliance Asset Solution (ACAS) scanning agent and Vulnerability Remediation Asset Manager (VRAM) across seven shipboard enclaves.
-Perform Nessus vulnerability scans, Nessus agent scans, and Passive vulnerability scans.
-Installation, monitoring, testing, troubleshooting, and administration of the Nessus and Passive Vulnerability Scanner applications.
-Create ACAS queries to optimize processes, procedures, and analysis.
-Configures, optimizes, and tests vulnerability scans against new and existing Operating Systems and platforms.
-Conduct vulnerability analysis, research, and script analysis to verify potential false positives.
-Perform scan policy analysis & configuration to determine the impact of vulnerability scanning against target devices.
-Interprets, analyzes, and reports all events and anomalies in accordance with computer network directives, including initiating, responding, and reporting discovered events.
-Evaluates, tests, recommends, coordinates, monitors, and maintains cybersecurity policies, procedures, and systems, including access management for hardware, firmware, and software.
-Ensures that cybersecurity plans, controls, processes, standards, policies, and procedures are aligned with cybersecurity standards.
-Identifies security risks and exposures, determines the causes of security violations, and suggests procedures to halt future incidents and improve security.
-Develops techniques and procedures for conducting cybersecurity risk assessments and compliance audits, the evaluation and testing of hardware, firmware, and software for possible impact on system security, and the investigation and resolution of security incidents such as intrusion, frauds, attacks or leaks.
-Maintain system documentation.
Education and Experience:
-BA/BS in Cyber Security or equivalent or documented 8+ years of experience.
-2+ yrs Knowledge and experience with ACAS Security Center (SC) and Nessus Vulnerability Scanners (NVS).
-Possess understanding and experience with common cybersecurity toolsets and processes to include STIGS, CAS, IAVA Management and Implementation, and OPORD/FRAGO support.
-ATO process.
DOD RMF Configuration Management.
NIST SP800-53 and NIST SP800-37.
Qualifications:
TS/SCI eligible with POLY.
DoD 8140 IAT II certification.
Work Requirements
Years of Experience
5 + years of related experience* may vary based on technical training, certification(s), or degree
Certification
CompTIA Linux + – CompTIA
Security + – CompTIA
CISSP: Certified Information Systems Security Professional – ISC2
Travel Required
Less than 10%
Citizenship
U.S. Citizenship Required
Salary and Benefit Information
The likely salary range for this position is $72,250 – $97,750. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
View information about benefits and our total rewards program.
About Our Work
We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 30 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.
Advertisement #4
Zacary Piper Solutions – Information Systems Security Engineer
https://www.clearancejobs.com/jobs/4224958/isse
Today
Top Secret
$90,000 – $100,000
Unspecified
IT – Security
Norfolk, VA (On/Off-Site)
*MUST HOLD AN ACTIVE DoD SECURITY CLEARANCE*
Zachary Piper Solutions is currently seeking an Information Systems Security Engineer (ISSE) in Norfolk, VA to join a Cyber Security Team in support of the U.S. NAVY – Commander, NAVY Installations Command (CNIC).
Responsibilities for the ISSE include:
• Implementation of the RMF process
• Configure systems following Department of Defense (DoD) A&A and C&A guidance
• Assist with conducting Security Testing & Evaluation (ST&E)
• Advise the customer through the RMF process to assist with development, modification, and review
• Provide engineering guidance based on DoD and Industry Security Best Practices, security requirements and cyber security trends and solutions
Qualifications for the ISSE include:
• 5-8 Years of direct experience in Cybersecurity Engineering or direct support related A&A/C&A process in support of DoD RMF/DIACAP
• Active DOD Secret clearance required; SSBI desired.
• CompTIA Security+ Certification Required
Compensation for the ISSE include:
• $90,000 – $110,000/Yr. based on experience
• Full Benefits: United Healthcare, Guardian Dental, VSP Vision, 401k with Voya through ADP
• PTO and Holidays
Please send resumes to Alec Turner (Divisional Recruiter) at aturner@zacharypiper.com
Keywords:
DC, District of Columbia, Washington DC, PTO, 401k, benefits, Secret Clearance, DoD Secret, Secret, Top Secret, TS, TS/SCI, DOJ, Department of Justice, Justice Management, NOMA, FISMA, DIACAP, FEDRAMP, SDLC, Software development lifecycle, Auditing, PM, PMP, Program Manager, Security Analyst, Security Assessor, ISSO, Information systems security officer, ISSE, ISSM, ISO, NIST, RMF, STIGS, STIG, eMASS, 800-53, IA, Information Assurance, Audit, Security, CISSP, vulnerability, vulnerabilities, Risk management, assessor, Oracle, Security Engineer, Security Engineering, Splunk, Splunk analyst, Splunk engineer, Splunk administrator, Splunk power user, Splunk core user, Security Operations, Mcafee, Mcafee ePO, HBSS, Nessus, security center, Firewalls, cisco, routers, switches, servers, Redhat, CentOS, Ubuntu, *nix, VMWARE, GOTS, COTS, CISSP, GCFW, GSEC, TCP/IP, Sourcefire, python, perl, bash, powershell, Power Shell, log analysis, log collection, threat detection, intrusion detection, Norfolk