Cybersecurity Analyst

About The Position

Requirements

• 2+ years of professional experience in information security, risk management, or a related field, including internships or coursework.
• Basic knowledge of security tools, network security principles, and vulnerability assessment methodologies.
• Working experience with the DoD's Assured Compliance Assessment Solution (ACAS) tool is preferred.
• Basic knowledge of U.S. Government security policy including Department of Defense and appropriate civil agencies such as NIST, as well as commercial 'best practices'.
• Working knowledge of standard information security products including firewalls, intrusion detection systems, anti-virus systems, vulnerability testing, and security analysis tools.
• Familiarity with STIG Viewer.
• Exposure to the Risk Management Framework (RMF) and the A&A process.
• Exposure to a Governance, Risk and Compliance (GRC) tool such as eMASS (preferred), CSAM or XACTA.
• Exposure to cloud computing implementation and maintenance preferably with AWS.
• Strong analytical and problem-solving skills, with the ability to assess complex security issues and propose solutions.
• Excellent verbal and written communication skills; ability to explain technical concepts to non-technical stakeholders.
• Ability to work effectively both independently and as part of a team in a fast-paced environment.
• Active Secret Clearance or current interim.
• Associate's degree with 4 years of experience or a Bachelor's degree and 2 years of experience.
• IAT Level I certification.
• CompTIA A+, Network+, CCNA (Security+ satisfies the requirement).
• Computing environment certification (e.g., Server+, Linux+, AWS Certified Solution Architect (or equivalent)).

Nice To Haves

• Working experience with the DoD's Assured Compliance Assessment Solution (ACAS) tool.
• Exposure to a Governance, Risk and Compliance (GRC) tool such as eMASS, CSAM or XACTA.
• Exposure to cloud computing implementation and maintenance preferably with AWS.

Responsibilities

• Continuously monitors information systems for security threats, vulnerabilities, and breaches. Utilize security tools to analyze alerts and take appropriate action.
• Conducts regular risk assessments and vulnerability analyses to identify potential security weaknesses and recommends remediation strategies.
• Utilize DISA STIG Viewer to assess, document, and track system compliance with Security Technical Implementation Guides (STIGs), including performing checklist reviews, recording findings, and generating compliance reports.
• Supports the Assessment and Authorization (A&A) process as part of the Risk Management Framework (RMF) for multifaceted systems, networks and enclaves.
• Assists with risk mitigation through management of the Plan of Action and Milestones (POA&M) process. Verifies actions taken by internal IT support teams satisfy risk mitigation.
• Assists in the development and implementation of information assurance policies and procedures to ensure compliance with organizational and regulatory requirements.
• Support incident response efforts, including investigating security incidents, documenting findings, and coordinating with relevant teams for remediation.
• Maintains accurate documentation of security incidents, assessments, and compliance activities for audit and reporting purposes.
• Participates in internal and external audits to assess compliance with security policies and regulatory requirements; provide recommendations for improvement.
• Works closely with IT staff and other departments to ensure that security measures are integrated into system development and operational processes.