Cybersecurity Analyst II

About The Position

Requirements

• Knowledge of NIST SP 800-53 control families, NIST RMF steps, DIR security control standards, and agency CISO policies; skill in applying control requirements to systems and documenting implementation within SSPs.
• Knowledge of cloud security posture management (CSPM) concepts and tooling; ability to evaluate cloud configurations for misconfigurations and control gaps across Azure and AWS environments.
• Knowledge of enterprise Governance, Risk, and Compliance (GRC) platforms such as RSA Archer; skill in maintaining risk records, POA&Ms, exceptions, and continuous monitoring evidence.
• Skill in risk analysis and vulnerability management, including validation and prioritization of scan results and tracking remediation to closure.
• Skill in conducting security and risk-based needs assessments of automated systems and business initiatives; ability to analyze administrative, technical, and operational controls and supporting evidence.
• Ability to advise diverse stakeholders on secure architecture, secure application development standards, and cloud security best practices; ability to deliver focused security training.
• Ability to prepare audit documentation, assessment reports, Authorization to Operate (ATO) packages, and leadership reporting with clear, concise communication.
• Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions
• Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is generally preferred. Education and experience may be substituted for one another on a year for year basis.
• At least 3 years of experience in information security analysis work.
• Experience developing and implementing information technology (IT) security training and awareness programs, policy, standards, and/or procedures.
• Experience with cloud security in Azure and/or AWS, including review of security configurations and assessment of web application security risks.

Nice To Haves

• CompTIA Security+
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Global Information Assurance Certification (GIAC) or similar security certifications.

Responsibilities

• Security and Risk Management Services
• System Security Planning
• Security and Risk-Based Needs Assessments
• Provides Governance, Risk, and Compliance (GRC) Continuous Monitoring, Advisory, and Training Support
• Performs or leads other duties as assigned.

Benefits

• comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees
• defined benefit pension plan
• generous time off benefits
• numerous opportunities for career advancement