Information Systems Security Analyst

Information Systems Security Analyst

Dahlgren, VA
Active Secret Clearance

@Orchard is supporting a growing Federal contract with proven capabilities in cyber security. We are seeking a skilled Information Systems Security Analyst to be proposed for a new project supporting the Navy. This role will be based out of Dahlgren, VA and will be responsible for o verseeing and managing information security program implementation within organization and other areas of responsibility . If selected, you will be asked to sign a letter of intent to join the team upon program award.

As the Information Systems Security Analyst you will:

• Manages strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and/or other resources.
• Acquire and manage necessary resources, including leadership support, financial resources, and key security personnel, to support IT security goals, and reduce overall organizational risk.
• Advise and assist ISSM/ISSO in A&A process for command.
• Evaluate and support documentation, validation, and accreditation processes necessary to ensure that new IT systems meet NIST Special Publications Risk Management Framework (RMF) Cybersecurity requirements.
• Develop, review, and obtain Government approval of plans to assess security controls to include creating Security Assessment plan (SAP).
• Develop SAP and Rules of Engagement (ROE) for Government approval, outlining assessment scope, methodology, and resources.
• Conduct security control assessment, including activities such as Security Categorization Review, System Security Plan Analysis, and other assessments as defined in SAP; deliver comprehensive Security Assessment Report (SAR), documenting findings, vulnerabilities, and recommendations for remediation; include Vulnerability Assessment Report and Executive Briefing in report.
• Implement initial remediation actions based on SAR recommendations; deliver Issue Resolution Report and Remediation Status Report within timeline.
• Review, revise, develop, update, and maintain all RMF required artifacts associated with command's A&A program.
• Provide direct support for accreditation of systems/networks utilizing RMF process.
• Identify and recommend corrections for security deficiencies discovered during security and certification testing and continuous monitoring or identify risk acceptance for authorized representatives.
• Develop Plan of Actions (POAs) addressing outstanding security weaknesses identified in SAR, outlining remediation tasks and timelines; compile comprehensive Security Authorization Package, including SAR, POA, System Security Plan, and other relevant documents for Navy Authorizing Official review.
• Conduct comprehensive risk assessment, determining potential risks to organizational operations, assets, individuals, and organizations.
• Include Residual Risk Statement documenting remaining risks i; provide recommendation to NAO on residual risk acceptability, supported by Risk Acceptance Recommendation Report and briefing.
• Perform additional actions required to support electronic classroom deployment.
• Conduct Functional Area Needs Analyses and provide recommendations on Cybersecurity architecture, requirements, objectives, and policies.
• Provide research and analysis of new and emerging technologies in hardware, software, and applications and applicability to mission.
• Assess impacts of system modifications and technological advances; consult staff to gather and evaluate functional requirements, translate into technical solutions.
• Provide guidance on applicability of information systems to meet business needs.
• Guide, gather, and evaluate functional and security requirements.
• Translate requirements into guidance on applicability of information systems.
• Develop and document requirements, capabilities, and constraints for design procedures/processes; translate functional requirements into technical solutions.
• Integrate and align information security and IA policies to ensure system analyses meet security requirements.
• Specify power supply and heating, ventilation, and air conditioning (HVAC) requirements and configurations based on system performance expectations and design specifications.

Qualifications:

• Four (4) years of experience in Cybersecurity.
• Bachelor's Degree or CNSSI 4012 certificate or ADQ GA7 desired but not required. May substitute successful completion of at least one of the following military training courses for desired education: NEC 2779 or 3372 or CIN W-3B-1500 or A-4C-1340
• Requires a CompTIA Security+, Certified Authorization Professional (CAP), CompTIA Advanced Security Practitioner (CASP), or Project Management Professional (PMP) certification.
• Requires IAT Level II certification.
• Must maintain a Secret clearance / T3 investigation and be a U.S. citizen.