Cyber/Information Assurance (IA) Analyst

About The Position

Requirements

• Three (3) or more years of experience securing operating systems against DISA STIGs and configuring/maintaining host firewalls; experience hardening Windows Server and Red Hat Linux platforms required.
• Working knowledge of the DoD IAVM program, the DISA Vulnerability Management System (VMS), and the Continuous Monitoring Risk Scoring (CMRS) system.
• Knowledge of DoD vulnerability scanning standards and tools, defense-in-depth concepts, and incident response, auditing, and CNDSP practices.
• Hands-on experience with cyber tools, including HBSS/ESS, ACAS (Tenable), Splunk, and Tanium.
• Experience supporting RMF (NIST SP 800-37), NIST SP 800-53R control documentation and validation, and accreditation programs such as FISMA, OMB, DoD IG inspections, and ACA.
• Experience deploying patches and hot fixes against required deadlines using MECM, Group Policy, PowerShell, Red Hat Satellite/YUM, or Tanium.
• Strong analytical, written, and verbal communication skills with the ability to brief technical risk to Government leadership.
• Bachelor’s degree in Computer Engineering, Computer Information Systems, Telecommunications, Management Information Systems, Cybersecurity, or a related field; or equivalent combination of education and three (3)+ recent years of documented relevant experience.
• Must meet DoD 8570.01-M / DoD 8140 IAT Level II baseline certification requirements prior to start (e.g., Security+ CE, CCNA-Security, CySA+, GICSP, GSEC, or equivalent). Computing Environment certification appropriate to the role is also required.
• U.S. Citizenship
• Active Secret Clearance (or higher)

Nice To Haves

• For the Senior variant: 5+ years of experience and ACAS administrator certification/experience are strongly preferred.

Responsibilities

• Analyze results of security scans (ACAS, HBSS/ESS, Splunk, Tanium) independent of the JSP Cyber Center and JSP DCO, and coordinate with System Administrators to apply security patches, GPO changes, certificate updates, and configuration changes (averaging approximately 50 changes monthly).
• Drive systems toward 100% compliance with DISA STIGs, IAVM notices, and DoD tasking orders; prepare and manage Plans of Action and Milestones (POA&Ms) for any deviations, with mitigation steps and target compliance dates.
• Actively monitor DoD websites, automated notices, and collaboration sites for newly published cyber orders and tasking, distribute orders to appropriate Platform Services teams (10–12 monthly average), and track execution to completion.
• Maintain Command Cyber Operational Readiness Inspection (CCORI) and Cyber Security Service Provider (CSSP) compliance at all times as directed by JFHQ-DODIN; prepare pre-inspection checklists and ensure all items are compliant prior to scheduled and unscheduled inspections.
• Maintain secure baselines for workstations and servers; ensure all Platform Services managed assets have required security tools (HBSS/ESS, ACAS, Splunk, Tanium) installed and communicating to the management consoles, with tickets opened for any communication issues.
• Maintain non-critical IAVM Risk Scores across all Platform Services domains, technology areas, and accreditation boundaries.
• Support the RMF process in accordance with DoDI 8510.01 and NIST SP 800-37, including Authorization & Accreditation (A&A) artifacts, eMASS updates, and security control validation against NIST SP 800-53.
• Adhere to the JSP Incident Response SOP and CJCSM 6510.01; support independent control testing and Systems Security Reviews; document results in SharePoint or approved repositories.
• Deploy and validate patch and hot-fix mitigations across multiple operating system platforms using tools such as Microsoft Endpoint Configuration Manager (MECM), Group Policy, PowerShell scripting, Tanium, Red Hat Satellite Server, or YUM Server.
• Provide cyber compliance metrics, dashboards, and reports for the Monthly IPR and executive briefings.

Benefits

• Competitive salary based on experience
• Comprehensive benefits package including health, dental, vision, and retirement plans
• Paid time off and holidays