Cybersecurity Analyst, Fort Meade, MD, US
Cybersecurity Analyst, Fort Meade, MD, US Cherokee Nation Operational Solutions (CNOS) provides a complete line of medical equipment and supplies along with innovative office products and services to businesses and health care facilities throughout North America. Wholly owned by Cherokee Nation, Cherokee Nation Operational Solutions is part of the Cherokee Nation Businesses' family of companies. For more company information, visit our site at SUMMARY Cybersecurity Analyst will create, review, and provide recommendations on SOPs that explain how to execute client business procedures and templates IAW with the regulations, policies, guidance, and BBPs. Review business process to provide guidance. Recommend, prepare, and deliver RMF artifact document templates, which are compliant with business process requirements. Essential Duties and Responsibilities: Perpetuate client process by reviewing, submitting and tracking the status of the ATO packages.Evaluate existing mission systemsCreate, review, and provide recommendations on SOPs that explain how to execute client business procedures and templates IAW with the regulations, policies, guidance, and BBPs.Review business process to provide guidance. Recommend, prepare, and deliver RMF artifact document templates, which are compliant with business process requirements.Pull and analyze HBSS reports.Provide RMF recommendations and guidance; receive, review and assist with the preparation and delivery of RMF artifacts and documentation; and track and monitor RMF status.Respond to the increase in reporting arising from new IM/IT projects effecting network operations such as: deployments, DISA STIG compliance, increase in security requirements, desktop full disk encryption deployment, and increased IAVA Scanning.Respond to questions, taskers, and data calls from other Army or DoD agencies.Obtain commercial and/or organization specific certifications/authorizations for new or modified systems, applications, designs, equipment or installations in accordance with applicable organization standards.Identify, mitigate and resolve CS issues and concerns. Develop/contribute to guidelines/plans/policies, analyses and reviews that require CS expertise in the areas of security incident response, CS ticket assignment, tracking and response, vulnerability scans, security assessments, accreditation/certification, Program Protection Plan (PPP) evaluation, and other CS related activities and mandates.Responsible for running ACAS scans for vulnerabilities, to include testing and documenting software and hardware for both Assess Only and ATOs processes.Run ACAS & SCC Tool scans to identify vulnerabilities respond to all IAVAs, take action to comply with IAVAs and record compliance as directed.Perform remediation or imaging activities to elevate a security threat. Support may be required of, but not limited to, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), vulnerability scanning solutions, anti-virus and anti-spyware protection systems, HBSS, digital forensics, managed firewalls, web-content filtering, web proxy services, and VPN configuration and maintenance.Implement, support, and manage the RMF for AIS and networks; implement, support and manage applicable TSPs that support designated network enterprise centers or other processing centers.Ensure that all A documentation is in compliance with regulations, policies, and guidance.Develop plans to facilitate RMF requirements and monitor RMF status, so that System Owners are able to maintain required RMF documentation, including the, Authority to Operate (ATO), Authority to Connect (ATC), Certificate of Networthiness (CON), and the System Security Plan (SSP).Plan, coordinate, conduct, and document RMF validations of AIS in accordance with the standard RMF document templates, business processes, and the applicable regulations, policies, and guidance.Verify that sufficient CS controls and security requirements are applied to AIS, based on the applicable information types, in accordance with regulations and guidance. Implement new and emerging solutions for CS controls that meet requirements for CS Accreditation of AIS. Provide guidance and assistance to System Owners in matters related to A of AIS. Provide recommendations that result in AIS with non-compliant CS solutions becoming compliant with regulations and guidance and BBPs.Conduct vulnerability assessments utilizing most current approved tools, and report the findings along with recommendations for mitigation.Develop and review system security architectural designs to ensure compliance with CS and information regulatory guidance, and make change recommendations in cases where compliance is not being met.Participate in incident and spillage handling actions; monitor and track responses; and prepare incident and spillage handling reports.Provide recommended guidance to implement actions required by new CS vulnerability messages.Monitor the IAVM reporting process, track organizations IAVM reports and reports status, and provide IAVM metrics on an as-needed basis.Provide technical support on Vulnerability Assessments, perform vulnerability scans of selected systems, and provide technical support to organizations on the use of approved vulnerability scanning software packages.Perform requirements analysis for RHC-A CS educational, training, and awareness requirements and needs.Coordinate with target organizations to identify CS requirements and needs; and develop the subject areas for client education, training, and awareness events based on these identified requirements and needs.Coordinate, prepare and provide required CS educational materials to compliment periodic education, training, and awareness events.Conduct security assessments to include:- Security policy and operational procedure development- Security engineering and architecture design- Operational security management- Network security testing and evaluation- Computer security incident response- Vulnerability analysis- Malicious code analysis- Security risk assessment- Security certification and accreditation- Assess and Authorize- Risk analysis- Trending analysis- Event/Incidents analysisProvide documentation of current security state, identify security vulnerabilities, and deliver recommendations for mitigating identified risks. Supervisory/Management Authority This position will manage programs and projects. Education and/or Experience Bachelor's Degree in Computer Science, Informational Systems, or related field of study and 3 years of IT experience in a mid- to large-sized environment.Strong background in information assurance policies and procedures, software/system/enclave authorization and accreditation, development of systems/software architecture, security risk analysis, risk mitigation reporting, and vulnerability analysis and assessment Knowledge, Skills and Abilities Knowledge and expertise to perform analysis and provide solutions in areas of:- CS Regulatory Guidance- CS Program Management- Emerging CS Technologies- CS Best Business Practices- CS Risk Management- IT Security- IT Contingency Plan I COOPExtensive background in SCCM, Group Policy Management, management of Active Directory Services, operating system image management, patching and security update management.Extensive background in Assured Compliance Assessment Solution (ACAS) scans, reporting and remediation.Knowledge of eMASS (Enterprise Mission Assurance Support Service) and POA (Plan Of Action and Milestones) management within eMASS.Experience with the RMF process and RMF continuous monitoring.Experience creating and testing Continuity of Operations Plan (COOP).Experience monitoring and reviewing system security logs, System Capabilities Analytic Process (SCAP) scans and Host Based Security System (HBSS) reports.Ability to deploy applications and Operating Systems images at the request of the customer's ticket in DHA Remedy ticketing system.Ability to validate that all images deployed are vulnerability free before device is released to the end user.Ability to analyze security risk, provide risk mitigation strategies, and recommendations in order to maintain a safe risk-free network.Security + certification requiredActive Secret security clearance required WORK ENVIRONMENT This position is primarily performed in a climate-controlled office setting.With $400 million in annual revenue, 20% growth per year, approximately 950+ active contracts serving 60+ government agencies in 25 countries, 47 states, 2 territories and 2000+ employees, Cherokee Nation Businesses' (CNB) group of Federal Contracting Section 8(a) companies is well positioned to deliver expertise needed to solve complex technical issues. Federal Solutions provides an array of services for 12 of the 15 cabinet-level departments and agencies - from applications and data services to cybersecurity and national defense.Why consider Cherokee Nation and our Federal Solutions business? Here are some great resources highlighting what we do and compelling reasons for joining our team! Applicants selected will be subject to a US Government security investigation and must meet eligibility requirements for access to classified information.We are an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected Veteran status, gender identity and sexual orientation. If you'd like more information about your EEO rights as an applicant under the law, please copy and paste the links to the following two sites: EEO Statement | EEO Poster If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may email "" for assistance. This email address is for accommodation requests only and cannot be used to inquire about the application process or status.For Pay Transparency Non Discrimination provision, please copy and paste the following link: Pay Transparency Nondiscrimination Provision We maintain an Affirmative Action Plan for the purpose of proactively seeking employment and advancement for qualified protected veterans and individuals with disabilities. Upon request, we will schedule time to make our Affirmative Action Plan accessible. If you are interested, please submit a written request with the email subject line: 2018 Request to View Affirmative Action Plan to the Compliance Administrator at "" This email box is not for resumes or follow up on job applications.