Cybersecurity Analyst (SME)
CICONIX · Orlando, FL · 3 mo ago
On-siteInformation TechnologyFull-time
About the role
CICONIX LLC is a Veteran Owned Small Business specializing in business advisory and technical assistance for military health programs. We value exceptional people, unwavering integrity, inclusive collaboration, and enduring impact.
Responsibilities
- Support the efforts to coordinate the Certification and Accreditation (C&A) of systems in accordance with the Risk Management Framework outlined by the National Institute of Standards and Technology (NIST), DoD Instruction 8500.1.
- Support the efforts to coordinate and ensure Assess and Authorization (A&A) of systems are IAW DoD Cybersecurity (CS) A&A Risk Management Framework (RMF) process and/or Intelligence Community Directives (ICD) 503/Director of Central Intelligence Directive (DCID) 6/3 guidance, DoDI 8500.01, DoDI 8510.01 and AR 25-2.
- Provide Information Security (IS) engineering support to integrate required security characteristics and requirements into the performance objectives of the selected system.
- Support system security certifications to ensure that subject systems meet all applicable security regulations and standards and are able to complete successful certification test and evaluation events.
- Provide Information Assurance Vulnerability Management (IAVM) support to include assisting with dissemination, installation, Information Assurance Vulnerability Alerts (IAVA) reporting, and compliance procedures for IAVM.
- Provide configuration management support of IS software and hardware, maintain software licenses and ensure security related documentation is current and accessible to properly authorized individuals.
- Ensure log files and audits are maintained and reviewed for all systems and that authentication (e.g., password) policies are audited for compliance.
- Review and evaluate the security effects of changes to systems and networks, including interfaces with other ISs, and document changes.
- Ensure cybersecurity posture and accreditation boundaries are not impacted during IS support and maintenance.
- Ensure no relevant security changes have been made to invalidate any previously authorized accreditation.
- Conduct self-assessments, document validation results and generate POA&M in support of the Control Approval Chain and Package Approval Chain activities in the US Army Enterprise Mission Assurance Support Service (eMASS) online database.
- Provide independent validation and assessment support by conducting vulnerability scans, determining Security Technical Implementation Guide (STIG) checklist compliance and reviewing a variety of DoD, Army, RMF and NIST documentation to include SP, CMP, CP and other A&A artifacts to assess the cybersecurity posture of subject systems.
- Compile and analyze the results, document the results in eMASS and provide validation recommendations in support of formulating Interim Authorities to Test (IATT) and Authorities to Operate (ATO) A&A decisions.
Requirements
- Active Secret Clearance Required.
- Bachelor's degree preferred.
- DHA Medical Simulation and Training experience preferred.
- A minimum of IAT Level II certification IAW DODM 8570.01.
Qualifications
- Education: Bachelor's degree preferred.
- Certification(s): A minimum of IAT Level II certification IAW DODM 8570.01.
- Clearance: Active Secret Clearance Required.
Skills
- Knowledge of NIST and DoD cybersecurity frameworks.
- Experience with RMF and FISMA processes.
- Ability to conduct vulnerability assessments and STIG compliance checks.
- Strong communication and collaboration skills.
- Proficiency in managing and maintaining security documentation.
Benefits
Full benefit program, including: health, PTO, & 401k + contribution.
Pay
TBD
Schedule
Regular weekly hours (0700-1600)