Cyber Security Analyst Level III

About The Position

Requirements

• Recommend 5+ years of experience
• Knowledge of the limitations and capabilities of computer systems and technology; operational support of networks, operating systems, Internet technologies, databases, and security infrastructure; cybersecurity and information security controls, practices, procedures, and regulations; and incident response program practices and procedures.
• Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Data Science, or Software Engineering is typically required.
• Common certifications for this role include GCIH (GIAC Certified Incident Handler), CEH (Certified Ethical Hacker), Security+, and others like PenTest+ or CySA+.
• Proficiency in network security architecture and application vulnerabilities.
• Ability to conduct vulnerability scans and utilize penetration testing tools.
• Knowledge of network analysis tools and techniques.
• Active DoD Secret clearance

Responsibilities

• Will provide Subject Matter Expertise (SME) for process oversight in implementing/executing STIGS using automated and manual tools provided by DISA (ex. Security Content Automation Protocol – SCAP).
• Will provide training to system administrators (SA) on STIG process as needed.
• Track STIG compliance and quarterly updates for all servers and infrastructure devices and identify discrepancies to system administrators and A6 CORA Lead.
• Works with Communications Focal Point to obtain quarterly STIGS random sampling (min ten percent (10%)) of physical and virtual workstations.
• Review checklist for compliance and report findings of incomplete STIGS and set a suspense date for completion.
• Will provide Subject Matter Expertise (SME) for process oversight in POAMs for Enterprise Mission Assurance Support Service (eMASS), DISPATCH, and STIGS for CORA.
• Manages POAM program for assigned base\location by working with SAs to ensure a POAMs for all open findings from STIGS and vulnerability scans are created and updated every thirty (30) calendar days until remediation is complete.
• Review and notify SAs and their immediate supervisor as well as the A6 CORA Lead for any incomplete or non-submitted POAMs.
• Provide monthly status of open POAM status based on severity level (CAT I (Critical/High), CAT II (Medium) and CAT III (Low)
• Will provide Subject Matter Expertise (SME) on ESS reports and will be responsible for downloading and analyzing weekly posted reports.
• Reports: Data Loss Prevention (DLP) Violations Enhanced Reports Outdated Product Report Rogues Subnet Coverage
• Notify the office of responsibility SA of open findings and suspense SAs to identify devices for exemption (ex. Printers, non-OS systems).
• Use designated template for list of exempted devices.
• Submit exempted device list to 561st Network Operations Squadron (NOS) Client Security via Remedy Ticket or designated ticketing system.
• Work with office of responsibility to identify which two (2) systems within each populated subnet range will have Rogue Sensor Detectors (RSD) applied.
• Submit identified systems via designated ticketing system to 561 NOS Client Security.
• Monitor and download weekly reports for status on open findings.
• Serve as functional lead for cybersecurity applications used to manage / monitor cyber compliance status, configuration and indicators of compromise
• Base Analysts will provide the following support in addition to STIGs, POAMs, and ESS compliance:
• Identify monthly summary of fix actions (i.e. punch list) required to meet CORA standards and guidelines.
• Intergrate Command Cyber 365 Flight Plan guide with all required components.
• Report monthly on compliance status from assigned bases.
• Manage / Report on implementation of policies established by Commander Cyber Analysts.
• Manage 38 CORA/HSO reports for assigned bases or equivalent.
• Configure and tailer policies to address specific needs and intricacies of assigned basis.
• Develop Master Software List (MSL) for assigned base(s).

Benefits

• Highlights of our benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave.