Cyber Security Analyst - IA

About The Position

Requirements

• 5-8 years of cybersecurity experience
• Must currently hold a DoD 8140-compliant IAT II certification (SSCP or Security+CE with appropriate CE/OS certificate), and IAM II certification (CGRC or CASP CE) or be able to obtain within six months
• CE/OS certificate may include Windows or Linux
• Experience with Xacta, eMASS, ACAS/Nessus, SCAP, SCC Tool, Benchmarks, and STIG Viewer
• Experience with Risk Management Framework (RMF) process
• Familiar with RMF Factory and RMF Factory requirements
• Have developed communication skills and the ability to express thoughts and ideas clearly and concisely
• Must be a team player, dedicated to program support, capable of multitasking and working several complex and diverse tasks with simultaneous or near simultaneous deadlines
• Be a self-starter who is accountable and requires minimal direction and supervision
• Be open to new and innovative ideas
• Must be able to be appointed ISSO for NCS systems within 6-months of employment
• Information Assurance Vulnerability Compliance Management

Nice To Haves

• Bachelors degree in information systems, computer science, or similar
• Navy RMF and JWICS experience
• DADMS experience
• Container security
• DevSecOps experience
• Ability to create boundary and dataflow diagrams utilizing VISIO
• Intermediate or higher skill level with MS Office Suite
• Experience in a Linux environment is preferred
• Experience with Networking Devices
• Experience with Vulnerability Remediation Asset Manager (VRAM)

Responsibilities

• Developing and updating assessment and authorization documentation (Body of Evidence) for management and continuous monitoring of information systems
• Performing ongoing compliance assessments using tools, such as Assured Compliance Assessment Solution (ACAS), Secure Content Automation Protocol (SCAP), and McAfee Virus Scan Enterprise while reviewing, documenting, and maintaining all results
• Verifying patches and virus definitions to the systems using existing automated tools
• Adhering to pre-defined configuration management and change management policies and procedures for authorizing software prior to its implementation on systems
• Performing security audits used to track multiple events including any signs of inappropriate or unusual activity, intrusion events, data transfers, etc.
• Performing security assessments of NCS Family of Systems in accordance with NIST, Navy, NSA and NAVINTEL IA guidance
• Working with system engineers to take corrective action to resolve identified problems
• Performing Site Based Security Assessments (SBSAs) of systems and recommends authorization to the Designated Authorizing Official (DAO) as a certified trusted agent
• Reporting security incidents in accordance with the Command Incident Response Plan (CIRP)
• Ensuring systems are operated, used, maintained, and disposed of in accordance with all applicable security policies and practices

Benefits

• SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more.