Cybersecurity Analyst - Clearance Required

Lmi Consulting - Fort Belvoir, VA

posted 2 months ago

Full-time - Mid Level
Fort Belvoir, VA
Professional, Scientific, and Technical Services

About the position

The Cybersecurity Analyst position at Fort Belvoir, VA, is a critical role focused on leading system Assess and Authorize (A&A) activities for the U.S. Army Defense Business Systems. The selected candidate will be responsible for executing duties that support the Risk Management Framework (RMF) 2.0 lifecycle, ultimately leading to successful Authority to Operate (ATO) decisions. This position requires a strong understanding of cybersecurity principles and practices, as well as the ability to work collaboratively with various stakeholders to ensure compliance with established standards and policies. The work location is primarily at the client site, with the flexibility of telework, requiring at least one visit to the Fort Belvoir office each week. In this role, the Cybersecurity Analyst will lead the development, review, and management of system A&A documentation to ensure adherence to RMF 2.0 standards. Responsibilities include administering mission assurance planning, performing risk management and testing, maintaining system accreditation status, and preparing necessary documentation in accordance with Army and DoD policies. The analyst will also evaluate system and network changes for cybersecurity impacts, conduct program oversight, and develop incident response procedures to address threats and vulnerabilities. The position requires a proactive approach to monitoring and managing cybersecurity risks, including conducting security assessments of new or modified systems and applications. The Cybersecurity Analyst will serve as a subject matter expert (SME) for SAP security-related matters, ensuring the protection of sensitive information and systems. Additionally, the analyst will be responsible for developing security assessment reports and coordinating with various teams to ensure compliance with security standards and regulations. This role is essential for maintaining the security posture of the organization and ensuring the integrity of its information systems.

Responsibilities

  • Lead the development, review and management of system Assess and Authorize documentation to ensure compliance with RMF 2.0 standards.
  • Administer mission assurance planning and implementation following DoDI 8500.2 and DoDI 8510.
  • Perform Risk Management and testing in accordance with authoritative policies and standards to maintain the information system security posture.
  • Maintain system accreditation status, develop reports, and alerts for system proponents when accreditation documentation must be updated.
  • Prepare, distribute, and maintain plans, instructions, guidance, policies, and standard operating procedures (SOPs) in accordance with Army and DoD policies and initiatives for the security of information systems, access control and authentication of users and transmitted information.
  • Review and evaluate system and network changes for cybersecurity impact on confidentiality, integrity, availability, and overall system security posture.
  • Conduct program oversight, including on-going monitoring and periodic auditing of systems and systems operations.
  • Develop, recommend, and implement incident response procedures and technologies to identify, assess, and ensure the appropriate response to threats and vulnerabilities.
  • Proactively monitor patch publishing and communicate to appropriate stakeholders for further steps.
  • Lead, support, and/or facilitate security assessments of new or modified hardware, operating systems, and software applications ensuring integration with DoD Cyber Security requirements.
  • Function as a subject matter expert (SME) and point of contact for SAP security related cyber security matters including research emerging and existing threats and vulnerabilities.
  • Develop the security assessment report (SAR) for the network enclave.
  • Conduct analysis of security incidents (i.e., Phishing, malware, account access compromises, and network intrusions).
  • Serve as a member of the Continuity of Operations (COOP) Disaster Recovery Team during COOP exercises supporting the security engineering mission essential functions (MEF) at the alternate site.
  • Coordinate with Splunk administrators to improve existing rule sets, define new rule sets, and monitor log files.

Requirements

  • Bachelor's degree, or equivalent experience
  • Must possess Security + Certification
  • SAP experience
  • DoD 8570 IAM Level III certification (CISSP, CISM, GSLC, CCISO or equivalent)
  • Must possess and maintain an active Secret Clearance
  • 7 - 10 years demonstrated experience designing, implementing, and monitoring cybersecurity solutions
  • 3 - 5 years demonstrated experience with Risk Management Framework 2.0 and the Enterprise Mission Assurance Support Service (eMASS)
  • Familiarity with the Federal Information System Controls Audit Manual (FISCAM) and RMF controls utilizing the Committee on National Security Systems (CNSS) Instruction 1253 Security Controls Assessment Procedures pursuant to NIST Special Publication 800-53
  • Experience with performing scans and/or analyses using automated tools, such as SCAP, ACAS, DISA STIG, STIGViewer, eMASSTER, and other DoD approved vulnerability scanning assessment tools.

Nice-to-haves

  • AWS cloud experience
  • Agile Certifications
  • Information Assurance Security Officer (IASO) Certification
  • Experience working for/within Army and/or DoD organizations
  • Experience with ServiceNow
  • Certification in Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP)
  • Experience administering Host Based Security System (HBSS) and/or Army Endpoint Security Solution (AESS)
  • Familiarity with security configuration of Windows and Linux operating systems
  • Familiarity with security configuration of HANA and Oracle databases.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service