Security Analyst

Agile Defense•Ridgecrest, CA

1d•Onsite

About The Position

Execute and oversee RMF Documentation and Compliance: Review the accuracy and traceability of all A&A documentation within eMASS to support timely system authorization. Review documentation to ensure full compliance with cybersecurity policies and standards (DoD, DoW, DoN, and RMF). Conduct security control assessments and validations of a system's technical and non-technical security features to mitigate known threats and vulnerabilities effectively. These assessments should comprehensively identify and assess impacts while also taking into account existing risk mitigation strategies. Ensure the completion of all necessary RMF products and reporting in accordance with policy and in collaboration with the Security Control Assessor. Assist in updating any documentation related to risk assessments (such as Risk Assessment Reports, Plan of Actions & Milestones, etc.) based on the results of assessments. Conduct the necessary vulnerability analysis to facilitate the mitigation and determination of residual risk as required. Provide support for the continuous monitoring program as needed, especially when System Level Continuous Monitoring results are essential to meet ongoing authorization requirements. Assist in contingency planning, testing, and execution as necessary. Support the incident response process and actively participate in meetings with the program team, offering updates on project status. Applicant should possess a strong understanding of the RMF process, as well as a working knowledge of eMASS, eMASSter, STIG Viewer, SCAP Compliance Checker (SCC), VRAM, and Visio applications. Excellent written and verbal communication skills, with an ability to clearly report on technical findings to both technical and non-technical stakeholders. Ability to work independently and manage multiple tasks in a fast-paced environment. Prior experience supporting Navy-specific systems or enterprise networks.

Requirements

Must Have Ability to Obtain a Secret Security Clearance
IAM Level II Certificate or higher (Sec+ and CAP, CASP+, CCISO, CISM, CISSP)
Strong understanding of the RMF process
Working knowledge of eMASS, eMASSter, STIG Viewer, SCAP Compliance Checker (SCC), VRAM, and Visio applications
Excellent written and verbal communication skills, with an ability to clearly report on technical findings to both technical and non-technical stakeholders
Ability to work independently and manage multiple tasks in a fast-paced environment
Prior experience supporting Navy-specific systems or enterprise networks
B.S. in Technical Field + 4 Years Experience or 6 Years Experience in the planning, implementation, upgrading and/or monitoring of security measures which make up the protection of corporate or government networks
Experience in the planning, implementation, upgrading and/or monitoring of security measures which make up the protection of corporate or government networks

Responsibilities

Execute and oversee RMF Documentation and Compliance
Review the accuracy and traceability of all A&A documentation within eMASS to support timely system authorization
Review documentation to ensure full compliance with cybersecurity policies and standards (DoD, DoW, DoN, and RMF)
Conduct security control assessments and validations of a system's technical and non-technical security features to mitigate known threats and vulnerabilities effectively
Ensure the completion of all necessary RMF products and reporting in accordance with policy and in collaboration with the Security Control Assessor
Assist in updating any documentation related to risk assessments (such as Risk Assessment Reports, Plan of Actions & Milestones, etc.) based on the results of assessments
Conduct the necessary vulnerability analysis to facilitate the mitigation and determination of residual risk as required
Provide support for the continuous monitoring program as needed, especially when System Level Continuous Monitoring results are essential to meet ongoing authorization requirements
Assist in contingency planning, testing, and execution as necessary
Support the incident response process and actively participate in meetings with the program team, offering updates on project status