Cyber Security Analyst

Scientific Research Corporation
Colorado Springs, CO
36d
Onsite

About The Position

SRC is searching for a well-rounded Mid-Level Cybersecurity Engineer to test, analyze, evaluate, validate, and verify cybersecurity requirements for Information Technology (IT) systems to support the installation requirements for United States Space Command (USSPACECOM) command and control facilities. Work supporting USSPACECOM will be conducted at the government's facilities in Colorado Springs, CO.

Requirements

  • One to two (1-2) years combined cybersecurity experience holding one or more of the following roles: ISSO, Cybersecurity Analyst, and/or Systems/Network Administrator.
  • Two plus (2+) years of experience working with Windows and/or Linux systems administration.
  • Bachelor's degree (e.g. Cybersecurity, Engineering, Computer Science, or related IT fields) and active DoD 8570 Level II Certification (e.g. Security+ CE, CCNA, etc.)

Nice To Haves

  • Skilled in the use of Enterprise Mission Assurance Support Service (eMASS)
  • Knowledgeable with Supply Chain Cyber Risk Management (SCRM)
  • Knowledge of cybersecurity principles and DoD requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
  • Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption, zero trust)
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)

Responsibilities

  • Evaluating information systems for compliance with Defense Information Security Agency (DISA) Security Technical Implementation Guideline (STIG) and reviewing measures needed to bring systems into compliance
  • Conducting Assured Compliance Assessment Solution (ACAS) scans for STIG compliance checks
  • Reviewing Information Assurance Vulnerability Alerts (IAVA) for applicability and impact to N-NC
  • Developing and/or updating the Plan of Action and Milestones (POA&M) to document all known vulnerabilities to correct or mitigate risks
  • Analyzing changes affecting the organization's Authorization to Connect (ATC) risk level and cybersecurity posture and reporting findings
  • Ensuring that security design & distribution actions are evaluated, validated, and implemented as required
  • Ensuring that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s)
  • Evaluating development efforts to ensure that baseline security safeguards are planned for and appropriately installed
  • Identifying alternative information security strategies to address organizational security objectives of cyber taskings
  • Assisting the command ISSM in preparing, distributing, and maintaining plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations and cybersecurity practices
  • Reviewing & recommending policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies
  • Developing, updating, and/or reviewing ATO, IATT, ATC documentation to include, but not limited to, Security Plans, Implementation Plans, Test Plans, Test Results (ACAS, STIGs, etc.), POA&M, and Security Assessment Reports (SAR)
  • Assessing system compliance against NIST and DoD security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
  • Coordinating with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories

Benefits

  • SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more.
  • For positions requiring a security clearance, selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Industry: Professional, Scientific, and Technical Services
  • Number of Employees: 1,001-5,000 employees