Sr. Cyber Security Analyst

ITility, LLC

Today
Unspecified
Senior Level Career (10+ yrs experience)
Unspecified
Occasional travel
IT - Security

Overview:
Join the ITility team and make a difference! We are seeking an experienced and highly motivated Senior Cyber Security Analyst to play a key role in advancing the cybersecurity posture of the United States Military Entrance Processing Command (USMEPCOM) in North Chicago, IL. As part of ITility’s enterprise IT support to USMEPCOM, a Major Command of the U.S. Department of Defense (DoD) responsible for screening and processing applicants into the U.S. Armed Forces, you will help secure the systems that connect recruiting and training operations across 67 Military Entrance Processing Stations (MEPS) nationwide. This is a remote position with occasional client site visits (10-20% Travel).

The ideal candidate will bring at least eight years of hands-on experience in cyber security within government contracting or consulting environments, with proven expertise in Risk Management Framework (RMF), Enterprise Mission Assurance Support Service (eMASS), DISA STIG assessments, vulnerability mitigation, and cloud-based security compliance. In this role, you will provide direct technical and project support to the Cybersecurity Support Lead, ensuring the effective execution of complex initiatives that safeguard mission-essential systems and data.

At ITility, we help our customers command the future by thinking beyond perceived limits to create innovative ways to protect and defend our nation. We inspire and empower our teams to deliver meaningful solutions that secure what matters most for our customers, our communities, and our country.

ITility is a Service-Disabled Veteran-Owned Small Business (SDVOSB) dedicated to equipping our nation’s armed forces and first responders with the tools, technology, and expertise they need to succeed. From the virtual battlefield to boots on the ground, our people, processes, and performance drive the mission, today and for generations to come.

We Value:
* The Drive to Perform Beyond Perceived Limits.
* The Desire to Find Significance in All We Do.
* The Passion and Compassion That Powers Both.

Applicants should have experience in:
* Creating, updating, and submitting Authorization to Operate (ATO) packages in eMASS.
* Creating, updating, and closing POA&Ms in eMASS.
* Assessing a variety of DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) manually and through use of automated tools within hybrid and cloud environments (e.g., AWS GovCloud, Azure Government).
* Performing STIG Assessments on in-house developed software through use of the Application Security and Development (ASD) STIG.
* Supporting vulnerability compliance verification using tools such as ACAS, Tenable Nessus, or similar vulnerability scanning tools.
* Working in agile, DevSecOps, or CI/CD environments to integrate security early in the development lifecycle.
* Coordinating with cybersecurity stakeholders, System Administrators, ISSOs, and system owners to maintain ATO compliance and documentation.

Key Responsibilities:
* Perform duties as ISSM to include all 6 stages of the Risk Management Framework (RMF) for USMEPCOM’s ATO packages
* Collaborate with cross-functional teams and Subject Matter Experts (SMEs) to assess DoD, NIST, DISA, Army, and USMEPCOM cybersecurity compliance across custom-built and COTS/GOTS applications
* Conduct a range of cyber risk analyses and security assessment methods to identify potential vulnerabilities and threats
* Perform comprehensive STIG assessments on new target systems to verify compliance, mitigate security risks, and achieve ATO accreditation
* Assess baseline configurations for each server type to ensure all new servers are deployed from verified clean images
* Prepare RMF ATO documentation (HW/SW List, Implementation Plan, RAR) and process ETPs for unmitigated findings, ensuring proper justification and approval
* Develop and maintain Plans of Action and Milestones (POA&Ms) to track open cybersecurity risks, ensuring timely mitigation and compliance with applicable security standards and regulations
* Facilitate effective communication among technical and nontechnical stakeholders, including development, network engineering, and CSO/Program ISSM teams
* Coordinate with subject matter experts (SMEs) as needed to verify the relevance of identified vulnerabilities
* Execute vulnerability scans in ACAS/Tenable Security Center to identify, document, and address security weaknesses, supporting continuous compliance with DoD cybersecurity standards
* Manage assessment artifacts in DoD eMASS in preparation of packages for RMF (DoDI 8510.01, NIST SP 800-37) processes.
* Evaluate security controls per NIST SP 800-53A.

Required Qualifications:
* Strong technical background in cyber security, with a focus on RMF and risk analysis
* Experience with security frameworks, regulations, and standards, including NIST, DoD, and industry-specific requirements
* Ability to draft and propose security policies as needed, ensuring alignment with organizational standards and submitting to the CSO for review and approval
* Familiarity with security technologies, including firewalls, intrusion detection systems, and encryption
* Excellent problem-solving and analytical skills, with the ability to think critically and creatively
* Strong communication and collaboration skills, with the ability to work effectively with stakeholders
* Ability to work in a fast-paced, dynamic environment with multiple priorities and deadlines
* Experience using Atlassian Jira to manage and track assigned tickets; ensure timely updates, resolution of issues, and proper closure in accordance with organizational procedures and SLAs

Education/Clearance/Certification Requirements:
* U.S. Citizenship Required
* B.S. degree in a technical discipline such as Computer Science, Computer Engineering, Electrical Engineering, Computer Security, or Information Technology
* 8+ years of experience using the NIST Risk Management Framework (RMF) to create and submit ATO packages
* 8+ years of experience as an ISSM
* 8+ years of experience working in eMASS
* 5+ years of experience performing STIG assessments
* 3+ years of experience in a DoD environment
* Experience running Assured Compliance Assessment Solution (ACAS) or similar vulnerability scanning tools, compliance scans, and DISA STIG Viewer
* Strong analytical and organizational skills with excellent communication skills (written and verbal communications)
* Required to hold and maintain an active ISC2 Certified Information Systems Security Professional (CISSP) or equivalent certification in accordance with DoD 8570 IAM II compliance standards
* Must possess or be eligible for a Tier 3 (T3) background investigation, in accordance with DoD security clearance requirements

Physical Requirements:
* Ability to sit or stand for extended periods while performing computer-based tasks.
* Regular use of hands for typing, writing, and handling office equipment; frequent talking, hearing, and seeing.
* Occasional movement around the office, including climbing stairs.
* Ability to travel up to 5%, which may include occasional visits to client sites or government installations.

Job Category: IT - Security
Clearance Level: Unspecified
Employer: ITility, LLC