Cyber Sec Analyst II

About The Position

Requirements

• Must possess an active Secret clearance and be eligible for a Top Secret/SCI clearance
• A minimum of three (3) years of cybersecurity experience, preferably Navy RMF
• Must currently hold a DoD 8570-compliant IAT II certification (SSCP or Security+CE with appropriate CE/OS certificate) or be able to obtain within six months
• CE/OS certificate may include Windows or Linux
• Experience with eMASS, SSPs, POAMs, ACAS/Nessus, SCAP, Security Checklists, and STIG Viewer
• Experience with Risk Management Framework processes
• Have developed communication skills and the ability to express thoughts and ideas clearly and concisely
• Must be capable of multitasking and working several complex and diverse tasks with simultaneous or near simultaneous deadlines
• Be a self-starter who is accountable and requires minimal direction and supervision
• Be open to new and innovative ideas
• Be a team player willing to interface with client(s) and relay information back to team

Nice To Haves

• Experience in a RHEL environment
• Experience with Networking Devices
• Experience with DevSecOps
• Experience with automation tools (Ansible, Puppet, Chef) preferred
• Experience with being an NQV highly preferred
• Experience authoring and editing RMF Control Family Plans
• Experience with EvaluateSTIG and/or STIGManager

Responsibilities

• Verifying configuration management and tracking security update implementation to the systems using existing automated tools
• Adhering to pre-defined configuration management and change management policies and procedures for authorizing software prior to its implementation on systems
• Ensuring systems are operated, used, maintained, and disposed of in accordance with all applicable security policies and practices
• Performing cybersecurity testing, analysis, and reporting by conducting the following: Assured Compliance Assessment Solution (ACAS) scans, Security Technical Implementation Guide (STIG) checks, port scanning, application code review, Risk Management Framework (RMF) control review, and Plan of Action and Milestone (POAM)
• Providing in depth analysis on cybersecurity test results, remediation steps, and potential mitigating factor(s)
• Supporting the Information System Security Manager (ISSM) and Cybersecurity Lead in meeting all RMF documentation, process, policy, risk assessment, testing, and continuous monitoring requirements per the NIST SP-800 series
• Providing RMF support for all future and/or new Assessment and Authorization (A-A)
• Collaborating with the IPT Lead, PM, Developers, Engineers, and Test teams through guidance and options on how to meet all technical and policy security-control
• Maintaining security reporting compliance requirements outlined in the System SLCM Strategy

Benefits

• SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more.