Compliance and Assessment Analyst

About The Position

Requirements

• Certification: Applicable Intermediate DoD 8140 or DoD 8570 Certification that meets DCDC CORA Reviewer guidelines
• Experience: 5+ years of related experience
• Required Skills: Excellent interpersonal and leadership skills (e.g., ownership, curiosity, good judgment, respectfulness, integrity, flexibility, honesty, etc.), outstanding oral and written communication skills, good organizational skills, ability to both work in a team and work independently.
• Strong understanding of vulnerabilities, exploits, and practical working knowledge of Department of War (DoW) Cybersecurity programs.
• Strong understanding of POA&Ms, STIGs, IAVAs, etc.
• Ability to read, understand, and communicate DoW Cybersecurity orders, policies, and procedures.
• Basic familiarity with a wide variety of IT technologies (e.g., servers, physical and virtual clients, applications, networking devices, virtual infrastructure, etc.).
• Basic familiarity with a wide range of cybersecurity tools (e.g., Trellix, Assured Compliance Assessment Solution [ACAS]/Tenable, RMF Processes (e.g., eMASS), Splunk, etc.).
• Ability to provide technical and/or cybersecurity subject matter expertise for a wide range of technologies.
• Strong understanding of compliance and/or cybersecurity concepts, practices, and procedures.
• Minimum skills needed to independently assess specified DCDC Technology Areas (e.g., Virtual Infrastructure, Voice/Video over Internet Protocol [VVoIP], Unix Operating Systems, etc.) as part of the assessor role.
• Security clearance level: TS/SCI clearance required.
• US citizenship required due to the TS/SCI clearance requirement

Nice To Haves

• Experience with USCENTCOM and understanding of its mission and IT environment.
• Experience briefing leadership (both contract and government).
• Familiarity with scripting languages (e.g., PowerShell, etc.) for automation tasks related to STIG compliance (e.g., assisting SMEs with EvaluateSTIG, etc.).
• Strong/specialized experience needed to independently assess specified DCDC Technology Areas as part of the assessor role.

Responsibilities

• Creating, tracking, and/or maintaining various configuration and/or vulnerability mitigation efforts (e.g., developing, submitting, and/or tracking Authority to Operate (ATO) products, Plans of Action and Milestones [POA&Ms], Security Technical Implementation Guide [STIG] checklists, etc.).
• Conducting analysis for and/or tracking Cyber Tasking Orders (CTOs), weekly Information Assurance Vulnerability Assessments (IAVAs), and other related items between Cybersecurity teams and Information Technology (IT) Subject Matter Experts (SMEs) to determine level of mitigation efforts, sequence of actions required, and tracking/reporting of specific details to leadership.
• Creating and/or providing compliance tracking products (e.g., status reports, briefings, and/or updates) to leadership.
• Providing expert analytical support that includes research and documentation (e.g., Policies, tactics, techniques, and procedures [TTPs], etc.) to support USCENTCOM mission.
• Gaining certification as a Department of Defense Cyber Defense Command (DCDC) Technology Area Reviewer for at least one CORA Technology Area.
• Performing all requirements to maintain DCDC Reviewer certification (e.g., performing CORA assessments, maintaining required training, etc.).
• Participating in various meetings and/or working groups between Operations and Cybersecurity professionals (including both government and contract personnel) to track and ensure cybersecurity compliance.
• Other compliance-related duties as required.

Benefits

• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.