Posted today
Secret
Unspecified
Unspecified
IT - Security
Arlington, VA (On-Site/Office)
Job Description
ECS is seeking a Senior Cyber Security Analyst to work in our Arlington, VA office.
ECS is seeking a seasoned security professional with experience in implementing and communicating RMF compliance for the Department of Defense and Navy in our Arlington, VA location.
The CS Analyst is responsible for helping to manage the program's Assessment and Authorization (A&A) efforts by focusing on the Risk Management and Security Authorization activities in accordance with the applicable National Institute of Standards and Technology (NIST) 800 series guidelines, the Risk Management Framework and applicable Federal Information Processing Standards (FIPS) standards. The CS Analyst will report to the CS Team Lead and perform and manage tasks related to the entire Assessment and Authorization (A&A) lifecycle. The CS Analyst Senior will:
#ECS1
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3300+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
ECS is seeking a Senior Cyber Security Analyst to work in our Arlington, VA office.
ECS is seeking a seasoned security professional with experience in implementing and communicating RMF compliance for the Department of Defense and Navy in our Arlington, VA location.
The CS Analyst is responsible for helping to manage the program's Assessment and Authorization (A&A) efforts by focusing on the Risk Management and Security Authorization activities in accordance with the applicable National Institute of Standards and Technology (NIST) 800 series guidelines, the Risk Management Framework and applicable Federal Information Processing Standards (FIPS) standards. The CS Analyst will report to the CS Team Lead and perform and manage tasks related to the entire Assessment and Authorization (A&A) lifecycle. The CS Analyst Senior will:
- Create new and modify existing hardening standards for emerging technologies for potential on-premise and cloud-based technologies.
- Collaborate with developers and various teams to integrate secure coding and application security requirements and best practices into development processes.
- Recommend secure application configurations and conduct security testing on the proposed application. Facilitate and support the IT Risk Acceptance process. Other duties as assigned. Complete required A&A activities on assigned IT systems.
- Perform continuous monitoring of security controls to ensure that they are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned IT systems.
- Work with technical teams to mitigate security control deficiencies and scan vulnerabilities for assigned IT systems.
- Assess the cybersecurity impact of changes to assigned IT systems.
- Conduct self-assessments of security controls, identify weaknesses, and track remediation activities in Plan of Action and Milestones (POA&M) via eMASS.
- 3+ years of experience with IT, including in a DoD environment
- 3+ years of experience with DIACAP and NIST Risk Management Framework (RMF) policies, including continuous monitoring, information system security policies, standards, and procedures
- Experience with preparing or supporting DIACAP or RMF packages and supporting documentation and DoD Authorization and Accreditation (A&A) process and standards
- Experience with using the Enterprise Management Assurance Support Service (eMASS)
- Knowledge of IA or INFOSEC concepts and requirements
- Ability to conduct security control selection, tailoring, and overlays
- Ability to analyze a security plan and perform system security analysis
- Ability to work independently
- Active Secret clearance -DoD 8140 IAM or IAT Certification, including Security+ CE, CISM, CISSP, or CASP
- BS degree in CS or Engineering preferred
- 3+ years of experience with supporting Navy Commands in the implementation or assessment of Cybersecurity controls or legacy DIACAP implementation
- 3+ years of experience with system and network vulnerability analysis, risk assessment and risk mitigation analysis, security test and evaluation (ST&E), contingency planning, and firewall policy, ports, and protocols
- Experience with Retina, Nessus, SCAP Compliance Checker, STIGs, hardening systems, and applying IA controls
- Experience with Nessus, ACAS, SCAP, and HBSS
- Possession of excellent oral and written communication skills
- Navy Qualified Validator (NQV) Appointment or Legacy Fully Qualified Navy Validator (FQNV) Appointment
#ECS1
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3300+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
group id: 10112231A
