Cybersecurity Systems Analyst, Intermediate

Cybersecurity Systems Analyst, Intermediate

FEDITC is seeking a Cybersecurity Systems Analyst, Intermediate
, to work at Hurlburt Field AFB, FL
.

A United States Citizenship and an active TS/SCI DoD Security Clearance is required to be considered for this position.

Performs assessment and authorization coordination. Advises and assists the customer with Risk Management Framework (RMF) and develops a Plan of Action and Milestones for resolving network deficiencies in accordance with DODI 8510.01 and ICD 503. The duties of this task include assessing network compliance against controls listed in NIST 800-53 and creating A&A packages. Performs assessment, compliance, and validation of IT systems to support the Cybersecurity program.

The Contractor shall execute a comprehensive assessment, compliance and validation of customer networks to ensure compliance with regulations and security and standards. The end goal is to ensure the integrity of customer systems by identifying and mitigating potential shortcomings and vulnerabilities. Advise on network and system risks, risk mitigation courses of action, and operational. Additionally, the Cybersecurity Systems Analyst should be able to perform security evaluations and vulnerability assessments using the DOD Assured Compliance Assessment Solution (ACAS), Nessus vulnerability scanning tool and Security Content Automation Protocol tool.

Identify applicable STIGs and perform assessments using the Security Content Automation Protocol tool. The Cybersecurity Systems Analyst will liaison with network and system administrators to correct identified deficiencies. The Cybersecurity Systems Analyst will also scan (or review scans) for new systems and applications being introduced into the SOF environment, identify issues, and draft certification letters for the government. The contractor will liaison with the Site Integration Facility (SIF) to ensure systems and application meet the standards in the DISA Security Technical Implementation Guides (STIG).

The Cybersecurity Systems analyst should be knowledgeable of cyber network defense tools such as end point security, SIEM, comply to connect, etc.

• Tracks A&A status of SIE governed ISs. Ensures these artifacts and documentation are available in the USSOCOM-chosen automated tool.
• Advises stakeholders on the adequacy of implementation of cybersecurity requirements.
• Provide DoD & IC RMF subject matter expertise, and assist with the development and execution of the RMF program.
• Maintain, track, and validate DISN, cloud and DIA connection approval packages.
• Develop and maintain supporting documentation for new and existing networks, cloud environments, information systems and technologies as they are introduced into the SIE.
• Develop and review the A&A of SIE networks, cloud environments, systems, services, telecommunication circuits, mobile devices, portable electronic devices, hardware, and software using the DoD & IC RMF to obtain an Authority to Operate (ATO), Interim Authority to Test (IATT), or Authority to Connect (ATC).
• Perform risk and vulnerability assessments of IT and IS for authorization; prepare risk assessment reports for submission to the SCA and Authorizing Official/Designated Authorizing Official/Designated Accrediting Authority (AO/DAO/DAA) in accordance with DoD, DIA, USCYBERCOM, USSOCOM, Component Command, TSOC, and deployed forces’ policies, procedures, and regulations.
• Assist with the enforcement of A&A, as well as DoD, DIA, USSOCOM, Component Command, TSOC, and deployed forces’ connection standards for networks and systems.
• Track and maintain A&A databases, web sites and tools to ensure that networks, systems and devices are properly documented and managed from a cybersecurity perspective.
• Track and report to higher headquarters organizations (e.g. USCYBERCOM, DIA) compliance with applicable Cybersecurity regulations and directives.
• Ensure timely notifications are made to responsible individuals and organizations in order to prevent lapses in accreditations (e.g., 30, 60, and 90 day notices).
• Develop and maintain an Information Security Continuous Monitoring (ISCM) Plan. This plan shall…