Cyber Security Analyst (Senior)
Company: SPN Solutions Inc.
Location: Falls Church
Posted on: October 12, 2018
Position: Senior Cyber Security Analyst (ISSO)
Place of performance: Falls Church, VA
Certification: DoD 8570-01M - IAM Level III (CISSP, CISM, or GIAC)
Security Clearance: DoD Secret (Active)
Job Description: The ideal candidate for this Senior Information Systems Security Officer (ISSO) position will be an RMF Subject Matter Expert with an IAM Level III Certification and an Active DoD Secret Clearance. The candidate should have expert knowledge and experience developing RMF documentation. The candidate should have a strong working knowledge of and experience using eMASS.
Summary: The Senior ISSO will work with our team of Senior Cyber Security Specialists to transition the Department of Defense, Defense Health Agency (DoD/DHA) systems from DIACAP to RMF. The ideal candidate will provide expert consultation across a wide range of cross-functional areas of Cyber Security services in support of this DHA Mission. The Senior ISSO will also provide project planning, guidance and technical expertise in the following areas: program, policy, process, and planning; risk management, auditing, and assessments; Assessment and Authorization (A&A) using the NIST Risk Management Framework (RMF) guidelines; and quality planning and control.
Requirements:
Minimum Qualifications:
- United States Citizen with an active DoD Secret Clearance (A Must).
- Bachelor's Degree in Information Technologies, Cyber Security or a related field.
- Hold a current and verifiable DoD 8570-01M Certification at an IAM Level III (CISM, GIAC, or CISSP).
- Three (4) years' experience performing RMF Assessments and Accreditation.
Knowledge, Skills and Abilities:
- Knowledge and experience with current NIST Federal Information Processing Standards (FIPS) and Special Publications (SP): SP800-18, SP800-37, SP800-53, SP800-53A, SP800-60, FIPS-199, FIPS-201 and FIPS-140-2, and other policies and their application to enterprise IT security.
- Ability to write RMF Assessment Scripts and Test plans.
- Experience with selection, implementation, validation, and establishment of DISA CCIs
- Proficient in MSWord, Excel, Access, PowerPoint and Outlook.
- Specialized experience in the analysis, design and implementation of security procedures of hardware and software on complex, large-scale systems in an enterprise environment.
Experience in the following area:
- Experience with development of responses to POA&Ms.
- Hands-on experience with DISA Security Requirements Guide (SRG) and DISA Security Technical Implementation Guides (STIG).
Responsibilities:
The Senior ISSO shall perform tasks in accordance with NIST SP 800-37 requirements. The work shall be completed during the period of performance. The project will be evaluated for completeness of tasks and objectives weekly. Ensure that the appropriate operational cyber security posture is maintained for assigned IT systems. Develop, update and maintain the System Security Plan (SSP) for assigned systems to include:
- Configuration Management Plan
- Contingency Plan
- Contingency Plan tests
- Continuous Monitoring Plan
- Incident Response Plans
- Incident Response Plan tests
- Federal Information Processing Standard (FIPS) Information Types
- Interconnection Security
- Plan of Action & Milestones (POA&M)
- Privacy Impact Assessments (PIA)
- Risk Assessments
- Security control baselines
- Security control inheritance
- Security Impact Analyses
- Business Impact Analyses
- SSP implementation statements
- Technical Description narratives
- System Description narratives
- Hardware/Software Inventory
- Participate in Incident Response activities for assigned IT systems.
- Conduct Contingency Plan, Recovery Plan and Incident Response tests for assigned IT systems.
- Advise system owners on all matters, technical and otherwise, involving the security of assigned IT systems.
- Develop standard operating procedures in accordance with security control requirements.
- Perform continuous monitoring of security controls to ensure that they continue to be implemented correctly, operating as intended and producing the desired outcome with respect to meeting the cyber security requirements for assigned IT systems.
- Work with technical teams to mitigate security control deficiencies for assigned IT systems.
- Assess the cyber security impact of changes to assigned IT systems.
- Conduct self-assessments of security controls, identify weaknesses and track remediation activities in Plan of Action and Milestones (POA&M).
- Conduct technical vulnerability assessments and prioritize and track remediation efforts.
- Manage the POA&M process for designated IT systems.
- Provide the required system access, information, and documentation to security assessment and audit teams.
- Participate in security assessments and audits for assigned systems and facilitate obtaining evidence for data requests.
- Complete required A&A (Assessment and Authorization) activities on assigned IT systems.
- Assist federal staff in assessing new applications, identifying applicable NIST SP 800-37 RMF requirements and advising system owners of the process.
- Assist with developing and maintaining Operational Level Agreements (OLAs) and end-to-end Standard Operating Procedures (SOPs) to identify collaborative responsibilities and support process interaction with other Government and contractor IT groups.
- Develop and maintain a detailed policy matrix mapping Federal and local policies to the required security controls as identified by National Institute of Standards and Technology (NIST) SP800-53.
- Documents include but are not limited to: Standard Operating Procedures (SOPs), Agency Training (e.g., cyber awareness, computer incidents, malicious codes, etc.)