Cybersecurity Certification & Accreditation Analyst Lead

BESHENICH MUIR & ASSOCIATES LLC
3d · Remote

About The Position

BMA is seeking a Cybersecurity Certification & Accreditation Analyst Lead to support the DLA JETS Defense Agencies Initiative (DAI) Program Management Office (PMO) program. This is a fully remote position and is contingent on contract award.

Job Summary

The Cybersecurity C&A Analyst – Lead serves as the senior technical authority supporting the DLA DAI Cybersecurity Assessment Program. This role provides expert leadership in Risk Management Framework implementation, Command Cyber Readiness Inspection preparation, vulnerability assessment, penetration testing, and security control validation within the DAI Oracle EBS R12.2 enterprise environment. Operating under consultative direction, the C&A Lead applies advanced cybersecurity principles, DISA STIG guidance, SCAP compliance standards, and DoD security regulations to design, assess, and continuously improve the security posture of the DAI system. The position independently analyzes exceptionally complex technical problems and develops innovative, compliant solutions to ensure DAI meets DoD cybersecurity readiness requirements.

Requirements

  • 7+ years of IT experience.
  • 5+ years of cybersecurity experience.
  • 5+ years of Oracle EBS R12.2 platform experience.
  • Possesses one or more current penetration testing certifications such as LPT, CEPT, CEH, or GPEN.
  • Proven experience performing Command Cyber Readiness Inspections, vulnerability assessments, and penetration testing.
  • Served as a DISA Field Security Office certified CCRI Team Lead.
  • Served as a Tenable Certified NESSUS Auditor.
  • Expert knowledge of DoD security regulations, DISA Security Technical Implementation Guides, Security Requirements Guides, SCAP, and the Risk Management Framework.
  • Proficiency with VULNERATOR, the USCYBERCOM CTO Compliance Program, wireless vulnerability assessment tools, and SQL Server and Oracle database security.
  • Strong analytical and problem-solving skills.
  • Excellent written and oral communication skills.
  • There is a Secret Security clearance requirement for this position.
  • Able to travel within a week's notice.

Nice To Haves

  • Experience supporting DoD or DLA program offices.
  • Experience supporting DoD ERP environments.
  • Experience supporting financial system cybersecurity compliance in the context of FFMIA.
  • Experience leading enterprise-level cyber modernization initiatives.
  • Familiarity with DLA-specific cybersecurity governance frameworks.

Responsibilities

  • Support RMF and Authorization Lifecycle Leadership.
      • Serve as technical lead for RMF implementation and sustainment activities across the DAI environment.
      • Develop, review, and maintain RMF artifacts.
      • Provide technical direction on control inheritance, system boundary definitions, and security architecture alignment.
      • Coordinate with Authorizing Officials, ISSMs, ISSOs, and system owners to ensure compliance readiness.
  • Support CCRI Preparation and Vulnerability Assessments.
      • Lead preparation for Command Cyber Readiness Inspections.
      • Perform and oversee vulnerability assessments and analyze findings.
      • Develop mitigation strategies and remediation tracking plans.
      • Conduct penetration testing consistent with CEH, GPEN, or LPT standards.
  • Support STIG Compliance and Security Engineering.
      • Interpret and apply DISA Security Technical Implementation Guides and Security Requirements Guides.
      • Develop product-specific STIG overlays for Oracle EBS R12.2 and associated infrastructure.
      • Assess and validate compliance.
      • Ensure SCAP-based configuration validation is properly implemented.
  • Provide Oracle EBS R12.2 Security Oversight.
      • Lead security evaluation of the Oracle EBS R12.2 platform.
      • Support secure integration with financial, acquisition, and testing workflows.
      • Evaluate security impacts of system enhancements and releases.
  • Conduct Penetration Testing and Advanced Threat Analysis.
      • Conduct or oversee penetration testing activities across application and network layers.
      • Perform advanced threat analysis and recommend mitigation solutions.
      • Analyze phishing exercises, USB detection events, and physical security testing results.
      • Validate remediation of identified vulnerabilities.
  • Support Cybersecurity Tool Selection and Innovation Initiatives.
      • Recommend cybersecurity software tools and define tool selection criteria.
      • Develop requirements for vulnerability assessment, compliance scanning, and monitoring solutions.
      • Contribute to the development of new methodologies and advanced technological approaches to enhance DAI cybersecurity posture.
      • Evaluate emerging cybersecurity technologies and recommend adoption where appropriate.
  • Support Reporting, Risk Analysis, and Executive Briefings.
      • Provide detailed technical reports.
      • Present cybersecurity status to PMO leadership and executive stakeholders.
      • Independently identify systemic security risks and propose strategic corrective actions.
      • Support integration of cybersecurity findings into acquisition milestone reviews and audit documentation.

Benefits

  • We offer multiple healthcare coverage options to include low deductible, high deductible, and plans eligible for our Health Savings Account (HSA) option. Along with medical coverage, employees have dental, vision, accident & illness, short- and long-term disability all available to them.
  • BMA proudly maintains a 401(k) plan with an industry leading 6% match that can include profit sharing based on company performance.
  • Lastly, being an employee-owned company means that BMA offers a 100% Employee Stock Ownership Plan (ESOP), providing eligible employees the opportunity to earn stock in BMA, subject to plan eligibility and vesting requirements.