Overview:
GovCIO is currently hiring for a Cyber Security Analyst to perform risk management tasks associated with RMF. This position will be located in Stuttgart, Germany and will be an onsite-only position.
Responsibilities:
Designs, tests, and implements state-of-the-art secure operating systems, networks, and database products. Conducts risk assessments and provides recommendations for application design. Involved in a wide range of computer security issues including architectures, firewalls, electronic data traffic, and network access. Uses encryption technology, penetration and vulnerability analysis of various security technologies, and information technology security research. Prepares security reports for government agencies.
- Performs a wide range of computer security duties, including architectures, firewalls, electronic data traffic, and network access.
- Participates in the certification and accreditation processes; performs technical vulnerability assessments of computer security.
- Provides business continuity and disaster recovery support.
- Engages in intrusion detection and prevention; provides incident reporting and response support.
- Conducts ongoing monitoring of computer security requirements and compliance, maintains system security plans and risk mitigation plans.
- Trains clients in proper computer security measures and prevention.
The Cyber Security Analyst will provide associate level technical expertise in the area(s) of Compliance Reporting and Risk Management Framework (RMF).
Compliance Reporting: Register Information Systems (IS) IAW DoD and CCMD Policy. Registrations include Ports, Protocols, and Services Management (PPSM), DoD NIPR DMZ Whitelist, and Enterprise Mission Assurance Support System (eMASS). Compile information and provide support for cyber evaluations, inspections (CCRI), security control assessments, continuous monitoring and risk scoring (CMRS), and reporting tasks (for example, the Cybersecurity Scorecard). Ensure that Compliance Reporting performance metrics are monitored through Advanced Analytics (Advana).
Risk Management Framework (RMF): Manage the RMF program for the IS under the purview of the CCMD. Perform technical writing to develop Assessment and Authorization (A&A) documentation for Government approval IAW DoD and CCMD Policies. Coordinate with stakeholders to obtain, update, organize, maintain, and track required RMF documentation (for example, documents, templates, exception to policy, and diagrams) and populate these artifacts in the appropriate repository (eMASS for example). When there is a significant change to the system’s security posture, update the A&A package or obtain a new Authorization to Operate (ATO). Obtain, maintain, and manage documentation for Program-Managed Systems and Cross-Domain Solutions (CDS) for Authorization to Connect (ATC). Leverage Advanced Analytics (Advana) to support RMF Continuous Monitoring and Continuous Authorization to Operate (ATO).
The successful candidate must be able to communicate clearly and succinctly, both in writing and orally, and present products and ideas in a business-like manner. The candidate will be required to work in dynamic, fast-paced environments that require team interaction and coordination of efforts. The candidate must be experienced in interfacing with stakeholders: Information System Owner/Program Manager, Information Systems Security Manager (ISSM), and/or Information System Security Officer (ISSO). Additionally, the Cyber Security Analyst will provide remote support and/or travel to customer sites as required.
Qualifications:
Bachelor's with 5 - 8 years (or commensurate experience)
Required Skills and Experience
- Currently hold an adjudicated Top Secret with the ability to obtain and maintain a TS/SCI Clearance
- BA/BS + 5 years recent specialized or AA/AS + 7 years recent specialized or a major cert + 11 years recent specialized experience
- DOD 8570 IAM II (CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, HCISPP)
- Experience with eMASS and navigating the RMF process to achieve Authority to Operate (ATO)
- TESA eligibility
Preferred Skills and Experience
- ITIL v3 or v4 – Foundation
- ISSM and/or ISSO experience
- Cloud Certifications (Azure, AWS, CSSP, etc.)
- Combatant Command experience and/or adaptability to changing circumstances and operational needs
- Demonstrated knowledge of DoD Cloud Computing Policies, the Cloud Computing Security Requirements Guide (SRG) and FedRAMP.
- Demonstrated scripting experience (e.g., PowerShell, Python, etc.).
- Demonstrated experience with NIST SP 800-53, DISA STIGs/SRGs, CMRS, and HBSS/ESS.
- Proficient at O365 tools and environments, to