Cybersecurity Analyst, Sr.

TIAG•Bethesda, MD

1d•Onsite

About The Position

TIAG is now hiring a Cybersecurity Analyst, Sr. to provide specialized labor solutions and augment the existing cybersecurity posture for the Uniformed Services University (USU). This role heavily focuses on driving Risk Management Framework (RMF) compliance, accelerating systems authorization, and transitioning security controls, with supplementary duties in incident response and embedded engineering. Provide comprehensive Risk Management Framework (RMF) Assessment & Accreditation (A&A) support across multiple systems to augment the existing cybersecurity posture, encompassing the development of required artifacts within eMASS, driving the transition of security controls to NIST 800-53 Rev 5, and delivering formal certification and authorization recommendations. Lead the transition of security controls for University systems from NIST 800-53 Rev 4 to Rev 5. Develop, update, and upload all required Body of Evidence (BoE) into the Enterprise Mission Assurance Support Service (eMASS). Manage eMASS backlog surge efforts by successfully updating assigned security controls to a "Ready for Review" status. Execute comprehensive Risk Management Framework (RMF) Assessment & Accreditation (A&A) analysis for academic domain applications and products. Develop all required accreditation artifacts and full RMF documentation for tasked systems. Provide formal certification and authorization recommendations for an estimated six academic systems annually. Analyze existing system authorization workflows to actively identify operational bottlenecks. Draft and deliver formal annual recommendation reports that outline process improvements and automation opportunities to accelerate future system modernizations. Provide 8/5 Incident Response (IR) support with 24/7 on-call availability protecting Endpoint, Cloud (SaaS, PaaS, IaaS), and Server environments. Independently manage the initial triage and documentation of all security incidents assigned to your shift or queue. Ensure strict adherence to Service Level Agreements (SLAs), including triaging Critical incidents within 2 hours and providing hourly status updates until resolution. Integrate as an embedded cybersecurity engineer alongside Systems Operations (Linux/Windows), Software Development (Java/.NET), and Research Infrastructure (GCP) teams. Generate standardized Security Assessment Reports (SAR) delivered within 48 hours for every assigned sprint or project milestone. Participate in a mandatory skills rotation schedule—occurring initially at 180 days and every 90 days thereafter—to ensure technical freshness and mitigate single-point-of-failure risks.

Requirements

Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field.
Ten (10) years of experience preparing, implementing, and ensuring compliance with cybersecurity policy, to include Assessment and Authorization requirements.
IAT Level III or IAM Level III certification.
Ability to work independently and collaboratively within a fast-paced, mission-critical environment.
Must be a U.S. Citizen and possess the ability to obtain and maintain a DoD Secret (or higher) security clearance.

Responsibilities

Provide comprehensive Risk Management Framework (RMF) Assessment & Accreditation (A&A) support across multiple systems to augment the existing cybersecurity posture, encompassing the development of required artifacts within eMASS, driving the transition of security controls to NIST 800-53 Rev 5, and delivering formal certification and authorization recommendations.
Lead the transition of security controls for University systems from NIST 800-53 Rev 4 to Rev 5.
Develop, update, and upload all required Body of Evidence (BoE) into the Enterprise Mission Assurance Support Service (eMASS).
Manage eMASS backlog surge efforts by successfully updating assigned security controls to a "Ready for Review" status.
Execute comprehensive Risk Management Framework (RMF) Assessment & Accreditation (A&A) analysis for academic domain applications and products.
Develop all required accreditation artifacts and full RMF documentation for tasked systems.
Provide formal certification and authorization recommendations for an estimated six academic systems annually.
Analyze existing system authorization workflows to actively identify operational bottlenecks.
Draft and deliver formal annual recommendation reports that outline process improvements and automation opportunities to accelerate future system modernizations.
Provide 8/5 Incident Response (IR) support with 24/7 on-call availability protecting Endpoint, Cloud (SaaS, PaaS, IaaS), and Server environments.
Independently manage the initial triage and documentation of all security incidents assigned to your shift or queue.
Ensure strict adherence to Service Level Agreements (SLAs), including triaging Critical incidents within 2 hours and providing hourly status updates until resolution.
Integrate as an embedded cybersecurity engineer alongside Systems Operations (Linux/Windows), Software Development (Java/.NET), and Research Infrastructure (GCP) teams.
Generate standardized Security Assessment Reports (SAR) delivered within 48 hours for every assigned sprint or project milestone.
Participate in a mandatory skills rotation schedule—occurring initially at 180 days and every 90 days thereafter—to ensure technical freshness and mitigate single-point-of-failure risks.