Cybersecurity Systems Analyst, Intermediate
TJ Consulting Group · Hurlburt Field, FL · 3 wk ago
Information Technology$70k–$85k/yrFull-time
Overview
Level: Experienced
Position Type: Full Time
Education Level: 4 Year Degree
Salary Range: $70,000 - $85,000
About the Role
Seeking a Cybersecurity Systems Analyst, Intermediate, to work at Hurlburt Field AFB, FL. A United States Citizenship and an active TS/SCI DoD Security Clearance is required to be considered for this position.
Responsibilities
- Performs assessment and authorization coordination.
- Advises and assists the customer with Risk Management Framework (RMF) and develops a Plan of Action and Milestones for resolving network deficiencies in accordance with DODI 8510.01 and ICD 503.
- Affirms network compliance against controls listed in NIST 800-53 and creates A&A packages.
- Executes a comprehensive assessment, compliance and validation of customer networks to ensure compliance with regulations and security and standards.
- Identifies and mitigates potential shortcomings and vulnerabilities.
- Advise on network and system risks, risk mitigation courses of action, and operational.
- Performs security evaluations and vulnerability assessments using the DOD Assured Compliance Assessment Solution (ACAS), Nessus vulnerability scanning tool and Security Content Automation Protocol tool.
- Identifies applicable STIGs and performs assessments using the Security Content Automation Protocol tool.
- Liaison with network and system administrators to correct identified deficiencies.
- Scans (or review scans) for new systems and applications being introduced into the SOF environment, identifies issues, and drafts certification letters for the government.
- Liaison with the Site Integration Facility (SIF) to ensure systems and application meet the standards in the DISA Security Technical Implementation Guides (STIG).
- Knowledgeable of cyber network defense tools such as end point security, SIEM, comply to connect, etc.
- Tracks A&A status of SIE governed ISs.
- Ensures these artifacts and documentation are available in the USSOCOM-chosen automated tool.
- Advise stakeholders on the adequacy of implementation of cybersecurity requirements.
- Provide DoD & IC RMF subject matter expertise, and assist with the development and execution of the RMF program.
- Maintain, track, and validate DISN, cloud and DIA connection approval packages.
- Develop and maintain supporting documentation for new and existing networks, cloud environments, information systems and technologies as they are introduced into the SIE.
- Develop and review the A&A of SIE networks, cloud environments, systems, services, telecommunication circuits, mobile devices, portable electronic devices, hardware, and software using the DoD & IC RMF to obtain an Authority to Operate (ATO), Interim Authority to Test (IATT), or Authority to Connect (ATC).
- Perform risk and vulnerability assessments of IT and IS for authorization; prepare risk assessment reports for submission to the SCA and Authorizing Official/Designated Authorizing Official/Designated Accrediting Authority (AO/DAO/DAA) in accordance with DoD, DIA, USCYBERCOM, USSOCOM, Component Command, TSOC, and deployed forces’ policies, procedures, and regulations.
- Assist with the enforcement of A&A, as well as DoD, DIA, USSOCOM, Component Command, TSOC, and deployed forces’ connection standards for networks and systems.
- Track and maintain A&A databases, web sites and tools to ensure that networks, systems and devices are properly documented and managed from a cybersecurity perspective.
- Ensure timely notifications are made to responsible individuals and organizations in order to prevent lapses in accreditations (e.g., 30, 60, and 90 day notices).
- Develop and maintain an Information Security Continuous Monitoring (ISCM) Plan. This plan shall address ongoing awareness of information security, vulnerabilities, security controls, and threats to support organizational risk management decisions.
- Identify, assess, and advise on cybersecurity control compliance and associated risks.
- Coordinate with USCYBERCOM, DoD, DIA, NSA, DISA, and subordinate organizations to support the resolution of issues with security, A&A, connection approvals, and waiver requests.
- Perform network, cloud, information systems, hardware, software and device security authorization and assessments, as well as the application and execution of policy, including project management support services.
- Validate the patching of systems, perform validation scanning, develop Plans of Action & Milestone (POA&Ms), and report as directed by applicable policies, procedures, and regulations.
- Provide subject matter expertise for COA development and the implementation of Cybersecurity mitigation strategies.
- Develop and implement required processes, procedures, and capabilities to mitigate vulnerabilities and weaknesses for software and hardware deployment.
- Identify, implement and validate continued effectiveness of key performance parameters and applied security measures.
- Perform analytics on cybersecurity posture and provide reports to the AO/DAO and applicable stakeholders as required per ISCM and AO/DAO direction.
Qualifications
- Experience/Skills: 5+ years of progressive, relevant experience or equivalent combination of education and experience.
- Technical background with system administration experience, architecture and engineering preferred.
- Technical background in networking, identity management, Microsoft and Linux operating systems, database, and mobility.
- Working knowledge of the RMF.
- Knowledge of the Telos Xacta or Enterprise Mission Assurance Support Services (eMASS) system is desired.
- Excellent communications skill (written and oral) and interpersonal skills.
- Knowledge and experience with DoD IA processes and policies (e.g., DODI 8510.01, NIST, CNSS and other cybersecurity policies, Chairman of the Joint Chiefs of Staff Manual (CJCSM) 65101.01, Incident Response and other IA policies).
Requirements
- Must have an active TS/SCI clearance.
- Must be a US Citizen and pass a background check.
- Maintain applicable security clearance(s) at the level required by the client and/or applicable certification(s) as requested.
Benefits
- PTO
- Holiday Pay
- 401K with a 4% Match
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Group Life & AD&D
- Voluntary Life AD&D
- Short-term Disability
- Long-Term Disability
- Health Savings Account
- Flexible Spending Account (Health and Dependent)
- Critical Illness Insurance
- Accident Insurance
- Hospital Indemnity Insurance
- Employee Assistance Program (EAP)