The Cybersecurity Analyst Technical Reviewer is responsible for performing Assessment and Authorization (A&A) activities within the Defense Health Agency (DHA) Risk Management Framework (RMF) to ensure Department of War (DoW) Information Technology systems, medical devices, business solutions, and networks obtain and maintain an Authorization to Operate (ATO). This role supports the development and enforcement of cybersecurity policies in alignment with DHA guidelines and ensures compliance across assigned systems.

The selected candidate will serve as the primary point of contact for assigned systems undergoing the RMF process, conducting initial assessments, coordinating meetings, tracking communications, and collaborating with system owners, vendors, DHA leadership, the Risk Management Executive (RME) Division, Risk Management as a Service (RMFaaS), and Integrated Project Team (IPT) leads. Responsibilities include leveraging approved communication channels such as eMASS, Consolidated System Tracking and Reporting (CSTAR), Microsoft applications, and other authorized platforms.

This position supports high-impact cybersecurity efforts, including tool testing, trend analysis, remediation planning, policy development, workflow creation, and implementation planning. The candidate must be capable of identifying root causes, resolving broadly defined problems, and delivering accurate and timely solutions aligned with DoW, DISA, DHA, RME, and RMFaaS guidance.

Services to be performed include, but are not limited to:
Perform Assessment and Authorization (A&A) activities to support RMF compliance and ATO attainment.
Conduct initial assessments of DoW systems and provide feedback and guidance throughout the authorization lifecycle.
Coordinate and facilitate meetings with internal and external stakeholders.
Regularly utilize eMASS and CSTAR to manage and track system authorization activities.
Monitor and track progress for assigned systems and update online databases weekly at a minimum.
Troubleshoot and resolve issues related to cybersecurity tools.
Create Security Assessment Plans (SAP) for assigned systems.
Analyze and identify inconsistencies using Control Correlation Identifiers (CCIs), hardware and software inventories, authorization boundaries, and external communication documentation.
Assist ISSMs, ISSOs, and cybersecurity team members by recommending RMF and CSRMC-related documentation updates.
Identify and report risks or inefficiencies to the Estimate Team Lead and recommend procedural or operational improvements.
Recommend and select applicable STIGs and SRGs within defined authorization boundaries.
Utilize cybersecurity tools such as PCAT, CSTAR, eMASS, and other approved tools.
Provide remote customer support in accordance with DoW, DISA, DHA, RME, and RMFaaS guidelines.
Facilitate enterprise tool training sessions and one-on-one customer training when required.
Provide regular status updates to the Estimate Team Lead and participate in program meetings and working groups.
Job Type
Full-time
Career Level
Mid Level