Cyber Information Assurance Analyst III

Chickasaw Nation Industries, Inc.•Fort Meade, MD

8d•$115,000 - $120,000

About The Position

The Cyber Information Assurance Analyst III supports the customer by performing assessments of systems and networks within the networking environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Must be able to apply extensive technical expertise and has full knowledge of other related disciplines. Work is performed without appreciable direction. Exercises considerable latitude in determining technical objectives of assignment. Completed work is reviewed from a relatively long- term perspective, for desired results. Guides the successful completion of major programs and may function in a project leadership role. As a federal contractor, CNI is a drug-free workplace and adheres to the Federal Controlled Substance Act.

Requirements

Have an active DoD Top Secret clearance with SCI eligibility
DoD 8570 IAM/IA Technical (IAT) Level II certification
Demonstrated experience with STIGs (Security Technical Implementation Guides), Security Requirement Guides (SRGs), Plan of Action and Milestones (POA&Ms) and cybersecurity best practices
Advanced understanding of the RMF process, NIST SP 800- 37, NIST SP 800-53, CNSSI 1253
Demonstratable experience in risk analysis, control validation, and as a Security Control Assessor Representative (SCA-R).
Demonstrated experience with relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS
Advanced understanding of key technologies areas/domain such as: Network, Mobility, Windows, UNIX, Cloud Environments and Cloud Native Tools/Services, Host Based Security System (HBSS)/Endpoint Security Solutions (ESS), Databases, Applications
Customer service skills
Bachelor's Degree and a minimum of eight (8) years of experience in systems security, or equivalent combination of education/experience.

Responsibilities

Use government-assigned tools to perform weekly updates, maintain records, and complete tasks.
Coordinate with ISSMs and PMOs to understand system architecture, security requirements, and changes.
Conduct risk analysis and authorization tasks across all RMF steps using approved RE5 tools and processes.
Verify authorization boundaries and categorize systems (FIPS199).
Identify data classifications and conduct system-level risk assessments.
Track system changes, assess impacts, and report updates to the AO.
Evaluate authorization and change requests, web filtering, firewall exceptions, ports/protocols, cybersecurity risks, STIG/SRG compliance, and on-site security.
Lead assessment visits, conduct briefings, and ensure proper documentation and reporting.
Attend required government training and meetings to stay updated on process changes.
Maintain access and proficiency in required government databases and cybersecurity tools.
Assess threats, vulnerabilities, and residual risks; compile findings into authorization packages.
Support assigned systems throughout their lifecycle in alignment with FISMA requirements.
Submit weekly activity reports summarizing tasks, tracking IDs, and key updates.
Complete assessor training, vulnerability scanning, endpoint security, and RMF step training.