Cyber Security Analyst/ISSO
Areté · Northridge, California, United States · 1 mo ago
Information Technology$80k–$90k/yrFull-time
About the role
Areté is seeking a full-time Cyber Security Analyst/Information Systems Security Officer to join our Northridge, CA facility. The ideal candidate will have and maintain a Top-Secret security clearance with SCI access, including a CI polygraph.
Primary Responsibilities
- Perform duties as ISSO in accordance with JSIG, RMF, and NIST 800-53.
- Develop, maintain, and update security authorization documentation including System Security Plans (SSPs), Plan of Actions and Milestones (POA&M), SCTMs, ConMon Reports, and audit logs.
- Conduct security control implementation, validation, and assessment activities.
- Perform and document system audits and risk analysis.
- Manage and execute Continuous Monitoring (ConMon) tasks to ensure compliance throughout the system lifecycle.
- Support configuration management (CM) processes with a minimum of 1-2 years direct CM experience, including review and documentation of system changes, baseline management, and change control.
- Provide incident response support, including investigation, reporting, and remediation of security events.
- Support preparation for internal and external inspections and assessments.
- Support ISSM with other duties as assigned.
Qualifications
- Active Top Secret security clearance with ability to obtain a CI polygraph.
- 1-2 years of experience performing ISSO or equivalent cybersecurity duties for classified systems.
- Demonstrated experience with JSIG, RMF, and NIST 800-53 security controls.
- Hands-on experience in security auditing, continuous monitoring, and documentation of control implementation.
- Current IAT Level II Security Certification or higher (Security+, CASP, CySA+, CISSP, GSEC).
- Solid technical knowledge on how Windows and Server operating systems are hardened.
- Experience with common information system Cyber Security tools, technologies, and STIGs (Nessus/ACAS, SCAP Compliance Checker, STIG Viewer, Microsoft Group Policy, etc.).
- Strong interpersonal skills, technical writing skills, and the ability to work autonomously and on a team.
- Strong written communication skills and the ability to document/diagram information systems and procedures.
- Must be able to lift 25 pounds.
Benefits
- Health & Wellness
- Life and Long-Term Disability (LTD)
- Vision Reimbursement
- Fitness Reimbursement
- Financial
- Company-funded 5% contribution to your 401(k) retirement plan
- Company-funded 5% contribution to your Employee Stock Ownership Plan
- Continuing Education Assistance
- Work-Life Balance
- Flexible Scheduling
- Paid Time Off (PTO)
- Paid Parental and Bereavement Leave
What We Value
- Creativity and innovation in solving challenges
- Integrity and responsibility in all actions
- Collaboration across teams and specialties
- Responsiveness in fast-paced environments
- Passion for national security and excellence
Experiences and Background We Look For
- Active Top Secret security clearance with ability to obtain a CI polygraph.
- 1-2 years of experience performing ISSO or equivalent cybersecurity duties for classified systems.
- Demonstrated experience with JSIG, RMF, and NIST 800-53 security controls.
- Hands-on experience in security auditing, continuous monitoring, and documentation of control implementation.
- Current IAT Level II Security Certification or higher (Security+, CASP, CySA+, CISSP, GSEC).
- Solid technical knowledge on how Windows and Server operating systems are hardened.
- Experience with common information system Cyber Security tools, technologies, and STIGs (Nessus/ACAS, SCAP Compliance Checker, STIG Viewer, Microsoft Group Policy, etc.).
- Strong interpersonal skills, technical writing skills, and the ability to work autonomously and on a team.
- Strong written communication skills and the ability to document/diagram information systems and procedures.
- Must be able to lift 25 pounds.
Nice to Have
- Knowledge of the Risk Management Framework is a plus.
- Experience with Security Directives, Policies, Publications and Regulations including but not limited to the NIST 800-171, NIST 800-53, JSIG and/or ICD 503.
- Experience in one or more of the following Cybersecurity tools/technologies: SIEM or Log Reduction & Analysis Tools, McAfee ePO, SCC Tool, Bitlocker, Rapid7 IDR, InsightVM.
- Technical knowledge on how Linux (RHEL 8/9) systems are configured, hardened, and managed.