Position Title: The Cybersecurity Analyst performs all Information Assurance (IA)/Cybersecurity (CS) procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction. Specifically: SME Support to Information Systems Security Manager (ISSM)
- Maintain accreditation of customer’s test and development networks and project enclaves by applying the Risk Management Framework (RMF) in validating and certifying systems, applications and networks, and preparing accreditation packages for formal approval. Conduct and analyze vulnerability scans and configuration scans to ascertain residual risk.Evaluate system and network device configurations against DoDI 8500.2 CS Controls to ascertain the accreditation readiness of commercial (COTS) and Government (GOTS) systems, applications, and architectures.Ensure integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.Organize artifacts in Enterprise Mission Assurance Support Service (eMASS) to develop accreditation packages for approval by the Joint Staff Authorizing Official.Organize, develop, and present briefings, written summaries, and written reports incorporating narrative, tabular and/or graphic elements.
- Determine the security posture and CS accreditation readiness of systems and architectures involved in assessment of Command and Control (C2) interoperability between DoD, Coalition, COTS/GOTS tools, systems, and systems of systems.Support engineering design teams by assessing network and system security design features and making recommendations concerning overall security accreditation readiness and compliance with CS guidance and best practices.
- Support interoperability assessment teams by applying CS SME judgment to assessment criteria, metrics, and techniques; develop CS assessment objectives; and present written analysis and conclusions in all phases of analysis.
- Understanding of DHS/DoD policies and procedures, including FIPS 199, FIPS 200, NIST 800-53, DHS 4300A SSH and other applicable policies.Good understanding of RMF, NIST SP 800-53 IA Controls, eMASS, and ACAS.Ability to conduct Information Systems vulnerability assessment, risk mitigation, and Plan of Action and Milestone (POA&M) development and tracking; understanding and application of mitigation strategies, IAVAs, and IAVBs.Ability to research policies, procedures, standards, and guidance; then apply to specific conditions for protection of information and information systems.
- Five years of direct or related Information Assurance / Cybersecurity or Information Technology experience.Network and/or System Administration technical expertise with Microsoft (primarily) operating systems, Linux/Unix operating systems, Cisco products, and VMWare/virtualization.Experience with DoD and research and development ranges, such as construction, topology, or operations.Experience with wireless (802.11) protocols, wireless network scanning tools, and mobile device security.
- 5-8 years of related experience in data security administration.Certified (or capable of obtaining within six months) IAM III (e.g., CISSP, GSLC, CAP, CISM).Must have an active Top Secret security clearance.
- Must be a U.S. citizen.