Cyber Analyst

About The Position

Requirements

• 5 years’ experience in RMF with Army or other DoW Organizations with emphasis on analyzing and accessing ATO packages.
• Knowledge of Department of War (DoW) policies, directives, and regulatory guidance in the cybersecurity field.
• Working knowledge of eMASS and DoW workflow tools.
• Knowledge and experience with technologies such as cloud computing environments, cybersecurity infrastructure, forensic analytics, and DoW Public Key Infrastructure.
• Demonstrated experience coordinating cross-functional teams consisting of cybersecurity engineers, system administrators, developers, and government stakeholders.
• Demonstrated experience managing multiple concurrent ATO packages and deliverables.
• Demonstrated ability to identify, track, and communicate ATO risks, issues, dependencies, and mitigation activities.
• Demonstrated experience preparing and presenting project status updates for ATO packages and performance metrics to senior leadership and government customers.
• Knowledge of DoW hosting environments, including cloud, on-premises, and hybrid architectures.
• DoW 8570/8140 IAT Level III Baseline Certification.
• Certified Information Systems Security Professional (CISSP) or equivalant
• US Citizen
• Must be able to pass a NACI background check

Nice To Haves

• Experience developing and reviewing ATO packages and RMF documentation.
• Familiarity with vulnerability management, continuous monitoring, security control assessments, and POA&M management.
• Strong written and verbal communication skills with experience producing cybersecurity documentation and executive-level reports.
• Demonstrated ability to translate security policies, implementation guidance, and requirements into effective cybersecurity engineering solutions.
• Experience with government or military setting with an emphasis on cybersecurity and compliance projects.

Responsibilities

• Assists with Certification & Accreditation (C&A), Authorization to Operate (ATO), and security authorization activities for DoW information systems.
• Provides administrative and technical support to the ISSM in conducting risk assessments, implementing security controls, and developing cybersecurity policies, procedures, and security plans.
• Assess cybersecurity documentation and authorization artifacts, including SSPs, POA&Ms, Security Assessment Reports, Risk Assessments, Contingency Plans, Incident Response Plans, Configuration Management Plans, and supporting RMF documentation.
• Supports continuous monitoring activities and validates compliance with FISMA, RMF, and organizational cybersecurity requirements.
• Provides guidance and support in the development and maintenance of system authorization packages, hardware and software inventories, boundary diagrams, and other compliance documentation.
• Coordinates with system owners, ISSMs, ISSOs, Engineers, and Cyber Security stakeholders to support compliance requirements, remediation efforts, and authorization activities.
• Analyze cybersecurity risks, vulnerabilities, and compliance gaps and provide recommendations for remediation, risk mitigation, and risk acceptance strategies.
• Provides cybersecurity guidance and support to project teams and stakeholders to ensure security requirements are integrated into project planning and execution.
• Review and validate RMF artifacts for completeness, accuracy, and compliance prior to submission to Authorizing Officials (AO), Security Control Assessors (SCA), and cybersecurity review boards.
• Facilitate package reviews and coordinate cybersecurity approval activities through applicable governance boards, change control processes, and authorization decision points.

Benefits

• health
• dental
• vision
• 401K
• life insurance
• short-term and long-term disability plans
• vacation time
• holidays