Cybersecurity Analyst

About The Position

Requirements

• Bachelor’s degree with two or more years’ experience supporting an IT Enterprise environment in a cyber, system administration, engineering or management capacity. Additional years of experience accepted in lieu of degree.
• Requires experience with US Navy’s Risk Management Framework (RMF) to include policy development, control testing, POA&M management, and Configuration Management.
• Experience using MS office tools such as Excel, Word and Visio; working with DoD tools such as eMASS and DADMS; working with security engineers to review compliance scans; and performing cybersecurity assessments using standards such as CIS Benchmarks, STIGS, etc.
• Broad technical experience related to IT operations, networks, OSs, and system administration.
• Extensive knowledge base in Information Security / Information Assurance / Cybersecurity analysis supporting systems, networks, applications, and cross-domain solutions.
• Security+ and one of the following: CCNA, CCNP, Enterprise Linux, VMWare Professional, Windows 2019 or higher or VMWare Certified Associate. Six-month waiver authorized to obtain.
• Top Secret with the ability to obtain TS/SCI.

Responsibilities

• Ensure Information Assurance Vulnerability Alert Management (IAVM), Communications Task Orders (CTOs), STIG compliance and reporting.
• Maintain compliance with IAVM mandated timeframes associated with the network.
• Identify cyber security requirements prior to customer migration.
• Perform DADMS and DITPR-DON adds and renewals.
• Maintain security compliance for network applications and software.
• Respond to all IAVMs, EXORS, OPORDs, and CTOs for infrastructure and tracking of patches in an enterprise environment.
• Maintain compliance with IAVM mandated timeframes associated with the infrastructure.
• Provide support to respond to cyber security and system Data Calls.
• Provide Vulnerability Remediation Asset Manager (VRAM), data to ensure compliance to technical directives and mitigate against known vulnerabilities.
• Create, attain, manage, and maintain Assessment and Authorization (A&A) packages under RMF for common control provider and information system owner packages.
• Create and maintain packages in eMASS.
• Assist government team leads when required with the creation of RMF required documentation (External Connection requirements, IT Interconnection Agreements, Security Memorandums of Agreement, Security Memorandums of Record, Risk Assessments, Vulnerability Analysis, POAMs and IAVM program support and guidance).
• Track all new STIG releases along with their deltas and participate in STIG implementation.
• Assist government team leads when required with reporting on Audit Readiness capability in accordance with Navy customer scoring cards.
• Support the development for a process for maintaining and enforcing security for the infrastructure.
• Assist government team leads when required with IAVM requirements reporting.
• Support security/IA requirements definition by identifying security controls to be put in place for systems and networks.
• Recommend processes for maintaining and enforcing security/Information Assurance for identified systems, networks and systems in support of security engineering.
• Document the A&A requirements and processes in support of security engineering.
• Execute security scans in compliance with DoD/DoN standard timeframes for infrastructure and customer systems.
• Assist government team leads when required with reporting on customer hosted systems accreditation status.
• Provide vulnerability assessment scans to the government team leads upon request.
• Evaluate, recommend, integrate and implement innovative and automated continuous monitoring capabilities in support of RMF and Cyber Security compliance.