Cybersecurity Analyst (contingent 045)

About The Position

Requirements

• Proficient understanding of the Risk Management Framework (RMF) and its application to complex information systems.
• Strong analytical skills with the ability to identify and assess cybersecurity vulnerabilities and risks.
• Excellent written and verbal communication skills for reporting findings and recommendations clearly to stakeholders.
• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• Minimum of 5 years' experience in cybersecurity engineering.
• Required certifications: DoD 8570.01-Manual (M) Baseline Certification for an Information Assurance Manager (IAM) Level III.
• Secret security clearance is required.

Nice To Haves

• Relevant certifications are a plus.

Responsibilities

• Provide expert guidance to ensure that systems comply with military RMF requirements as outlined in DoDI 8510.01 for DoD Information Technology (IT).
• Support the Authority to Operate (ATO) process and maintain ATO certifications.
• Conduct technical assessments of systems using tools like Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), and Security Technical Implementation Guides (STIGs).
• Identify and analyze system vulnerabilities, developing Plans of Action & Milestones (POA&Ms) for remediation.
• Recommend and implement effective remediation strategies to address identified security deficiencies.
• Assess programmatic impacts associated with the implementation of common control requirements within the Risk Management Framework (RMF).
• Provide expertise on cloud and network security, including cloud security infrastructure products and tools.
• Utilize a variety of cybersecurity tools and technologies, including but not limited to: Host Based Security System (HBSS), Data Loss Prevention-Endpoint (DLPe), Endpoint Security (ENS), ePolicy Orchestrator (ePO), Tychon, Threat Intelligence and analysis, Internet of Things (IoT) security, AI/ML applications, Windows Server Update Services (WSUS), Security Information and Event Management (SIEM) tools, such as Splunk, Identity and Access Management (IAM) solutions, Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) tools, SCAP, STIG Viewer, and Evaluate STIG tools.