Cyber Security Analyst

Unclassified - Bethesda, MD

posted 16 days ago

Full-time - Mid Level
Bethesda, MD

About the position

The Cybersecurity Analyst role is focused on supporting system security authorization processes in compliance with NIST RMF-related policies and requirements. The position requires a minimum of 6 years of experience and involves various responsibilities including risk analysis, system security categorization, and maintaining security posture to meet DoD RMF requirements. The analyst will work collaboratively with system and network administrators to ensure the security of IT systems and will be responsible for developing training materials and maintaining awareness of emerging threats.

Responsibilities

  • Preparation and maintenance of FIPS-199 system security categorization.
  • Preparation and maintenance of FIPS-200 system security control exceptions.
  • Analysis of risk remediation and mitigation options and strategies.
  • Development, review, and submission of Assessment & Authorization (A&A) system security packages.
  • Selection and documentation of applicable NIST 800-53 rev. 4 security controls in systems' Security Controls Traceability Matrices (SCTM).
  • Collection, development, and analysis of NIST 800-53 rev 4-related security controls artifacts.
  • Participation in and organizational oversight of Independent Verification & Validation (IV&V) activities.
  • Development of and status tracking for Plans of Action & Milestones (POA&M).
  • Performance of Continuous Diagnostics and Monitoring (CDM)-related activities.
  • Status tracking and reporting to leadership and organizational stakeholders.
  • Support the year-round work of maintaining security posture to meet DoD RMF requirements.
  • Uploading and maintenance of system security packages.
  • Plans of Action & Milestones (POA&M) entry and tracking.
  • Conduct and technology assessments, reviews, and technical inspections to identify and mitigate potential security weaknesses.
  • Work in partnership with System and Network Administrators to perform self-assessment and hardening of workstations, servers, network devices, and clinical devices.
  • Develop and maintain cybersecurity-related training materials and delivery of training for users and System Administrators (SA).
  • Proactively maintain awareness and understanding of current and emerging threats and vulnerabilities.
  • Apply security patches, IAVAs, STIGS, and updates for all assigned systems.
  • Provide support for the escalation and communication of status to agency management and internal customers.
  • Implement and manage disaster recovery and COOP plans, systems, and operations.
  • Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
  • Maintain thorough understanding of NIST 800-53 controls and document implementation in Security Controls Traceability Matrix (SCTM).
  • Oversee the monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems.
  • Ensure technical system documentation required for A&A packages are complete and clearly supports validation and ATO in accordance with system security requirements.
  • Perform comprehensive A&A tasks including package development, controls analysis, risk assessment, contingency planning, security test & evaluation, risk mitigation analysis, and technology assessments.
  • Utilize application NIST and FIPS standards and guidance documents to register and complete accreditation packages in the DISA eMASS system.
  • Lead the RMF accreditation lifecycle for assigned systems from cradle to grave, managing stakeholder engagement, lifecycle progression, schedule development, accreditation package review, submission and validation.
  • Maintain and support current and ongoing A&A packages to ensure an uninterrupted delivery of information technology systems for the organization.
  • Review regulatory security policies and develop the technical solution required to implement those requirements on servers, routers, firewalls and other LAN/WAN equipment.
  • Monitor the security posture of all networked systems and applications and take appropriate steps to quickly deal with any vulnerabilities.

Requirements

  • Minimum of 6 years of experience supporting system security authorization processes in compliance with NIST RMF-related policies and requirements.
  • Four-year college degree in Cybersecurity, Information Technology, Computer Information Systems, Computer Science, Computer Engineering, or equivalent.
  • 5+ years of technical experience related to system and/or network administration and/or cybersecurity operations.
  • Minimum certification level of CompTIA Security+ CE or equivalent certification required in accordance with DoDI 8140/DoDD 8570 requirements (IAM/IAT Level 2).
  • CISSP, CAP, CYSA, CISM, MSCE or equivalent certification required.

Nice-to-haves

  • Experience with deploying & hardening Windows Server 2012 R2, Server 2016, Server 2019.
  • Experience with Powershell, Tanium, SCAP, NMAP, SQL Developer, Forescout, and/or Splunk.
  • Large Enterprise-level IT experience with maintenance of servers, storage devices and applications.
  • Strong problem solving and critical thinking skills.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service