Cybersecurity Analyst (Subject Matter Expert)

Goldbelt, Inc.•Orlando, FL

About The Position

This position is contingent upon the successful award of a contract currently under bid. Nisga’a MOSTT provides Military Operations support and Specialized Tactical Training (MOSTT) to those who defend the US and warfighters. Their services include aviation and military training, cybersecurity, intelligence gathering and analysis, simulation and exercise support, aviation flight logistics support, and unmanned aerial vehicle support. The Cybersecurity Analyst (Subject Matter Expert) will support the coordination of Certification and Accreditation (C&A) of systems in accordance with the Risk Management Framework outlined by the National Institute of Standards and Technology (NIST) and DoD Instruction 8500.1. This role involves supporting the development, coordination, and execution of initial C&A, Federal Information Security Management Act (FISMA), and re-accreditation requirements.

Requirements

Advanced knowledge of DoD cybersecurity policies and frameworks, including Risk Management Framework (RMF), NIST standards, and DoDI 8500.01 / 8510.01
Knowledge of Information Assurance Vulnerability Management (IAVM), including IAVA compliance and reporting.
Familiarity with Security Technical Implementation Guides (STIGs) and vulnerability scanning tools.
Understanding of configuration management principles for secure systems and environments.
Ability to assess system security posture and recommend mitigation strategies
Strong analytical and documentation skills.
Shall have a minimum of IAT Level II certification IAW DODM 8570.01.
8+ years of experience in cybersecurity, information assurance, or RMF support within a DoD or federal environment
Requires Secret Clearance.

Nice To Haves

Bachelor’s degree preferred.

Responsibilities

Support the efforts to coordinate and ensure Assess and Authorization (A&A) of systems are IAW DoD Cybersecurity (CS) A&A Risk Management Framework (RMF) process and/or Intelligence Community Directives (ICD) 503/Director of Central Intelligence Directive (DCID) 6/3 guidance, DoDI 8500.01, DoDI 8510.01 and AR 25-2.
Provide Information Security (IS) engineering support to integrate required security characteristics and requirements into the performance objectives of the selected system.
Provide assistance to ensure that these systems are protected from known vulnerabilities.
Support the preparation and generate required security A&A documentation and coordination with the Authorizing Official (AO) to obtain successful system accreditation. Security documentation includes, but is not limited to, artifacts required by RMF and National Institute of Standards & Technology (NIST) controls such as the Security Plan (SP), Continuity of Operations Plan (COOP), Configuration Management Plan (CMP) and when required a Plan of Action and Milestones (POA&M).
Provide Information Assurance Vulnerability Management (IAVM) support to include assisting with dissemination, installation, Information Assurance Vulnerability Alerts (IAVA) reporting, and compliance procedures for IAVM.
Provide configuration management support of IS software and hardware, maintain software licenses and ensure security related documentation is current and accessible to properly authorized individuals.
Conduct self-assessments, document validation results and generate POA&M in support of the Control Approval Chain and Package Approval Chain activities in the US Army Enterprise Mission Assurance Support Service (eMASS) online database.
Provide independent validation and assessment support by conducting vulnerability scans, determining Security Technical Implementation Guide (STIG) checklist compliance and reviewing a variety of DoD, Army, RMF and NIST documentation to include SP, CMP, CP and other A&A artifacts to assess the cybersecurity posture of subject systems.