Cyber Security Analyst

Maritime Cybersecurity Analyst - Senior

This position requires an active Public Trust clearance or the ability to obtain a Public Trust clearance to be considered.

Applicant MUST have prior US Navy or Coastguard Maritime Cyber Security Experience

The Senior Maritime Cybersecurity Analyst provides expert cybersecurity support to the MARAD Information Assurance Program, supporting system authorization, continuous monitoring, and Authority to Operate (ATO) activities for maritime information systems. This role works closely with MARAD program offices, Information System Owners, and ISSMs to manage security documentation, assess risk, support compliance with federal and maritime cybersecurity requirements, and strengthen the security posture of IT and OT systems supporting maritime operations.

Compensation & Benefits:

Estimated Starting Salary Range for Maritime Cybersecurity Analyst - Senior : $135,000 - $151,000

Pay commensurate with experience.

Full time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided. Benefits are subject to change with or without notice.

Maritime Cybersecurity Analyst - Senior Responsibilities Include:

• Provide support to the MARAD Information Assurance Program for operations, business and administrative in support of the System Authorization Process and deliverables as defined in this document. Direct involvement with MARAD Program Office and the Information System Security Manager (ISSM) on cybersecurity and authority to operate (ATO) matters related to information systems supporting the MARAD CIO. Background on Network Architecture, hardware, software, contingency planning and disaster recovery required. Maritime background desired. Analyst will provide support for 3-4 systems depending on system level (Low, Moderate or High) and the current state of compliance of each system's ATO.

• Manage MARAD's Information System's core documentation, in accordance with each phase of the system engineering process / System Development Life Cycle (SDLC) with standardized templates, baseline management with supporting checklists and technical guides, including but not limited to the DOT Security Authorization and Continuous Monitoring Guide, Weakness Guide and other Core Documents include: o Provide information system data for Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and System of Record Notices (SORNs). This includes interfacing/coordinating with the System Owner (SO) that originates/has responsibility for the document to ensure the PIA/PTA/SORN contains appropriate information to be approved/adjudicated by DOT Privacy Office for inclusion in System Authorization package.

• Support creation/update of FIPS 199 Security Categorization document; ensure information type(s) and special considerations (if applicable) are defined.

• Support creation/update security control selection listing (include justification for applicable tailor and or risk acceptance)

• Support creation/update System Security Plan (SSP); ensure discovered and identified system components, control implementation status are addressed. o

• Support creation/update Information System Configuration Management Plan. o

• Support creation/update Information System Account Management Plan. o

• Support creation/update Audit Log Monitoring Plan o Develop and Maintain Inventory of Information System Interconnections and review, Develop / update Interconnection Security Agreements and MOUs in accordance with NIST 800-47

• Support creation/update Risk Assessment and relevant impact rating pertaining within the scope of this statement of work.

• Assist the Information System Owner (ISO), Business Sponsor, and Information System Security Manager (ISSM) in recording all known security weaknesses of assigned information systems in the Plans of Action and Milestones (POA&M's) in accordance with DOT policy, guides and procedures.

• Develop Draft Plan of Action and Milestones (POA&M) for observed control level deficiencies or gaps control implementation(s) in accordance with DOT policy, guides and procedures.

• Support the information system contingency planning process in accordance with NIST SP 800-34 Revision (Current), Guide to Test, Training and Exercise Programs for MARAD information and ensure contingency plan test exercise results are documented in an after-action report, and Lessons Learned corrective actions are captured for updating information in the Information Systems Contingency Plan (ISCP).

• Assist in security incident response, risk mitigation, and compliance reporting.

• Performs other job-related duties as assigned

Maritime Cybersecurity Analyst - Senior Experience, Education, Skills, Abilities requested:

• 10+ years of experience in cybersecurity, with expertise in maritime/vessel cybersecurity, IT/OT security, and federal cybersecurity policies.

• Strong knowledge of NIST RMF, NIST Cybersecurity Framework (CSF), FISMA, and Navy or U.S. Coast Guard Maritime Organization cybersecurity requirements.

• Experience with Continuous Diagnostics and Mitigation (CDM), Information Security Continuous Monitoring (ISCM), and Identity, Credential, and Access Management (ICAM).

• Proven ability to lead cybersecurity assessments, compliance audits, and risk management activities.

• Understanding of the principles, methods, and tools of quality assurance and quality control used to ensure a product fulfills functional requirements and standards. • Proficiency in Microsoft Office Suite, Power BI, Tableau, and SharePoint.

• Must pass pre-employment qualifications of Cherokee Federal

Company Information:

Criterion is a part of Cherokee Federal - the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government's mission with compassion and heart. To learn more about Criterion , visit cherokee-federal.com.

#CherokeeFederal #LI-SM2 #LI-REMOTE #AppC

Cherokee Federal is a military friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply.

Similar searchable job titles:

• Senior Maritime Cybersecurity Analyst

• Maritime Information Security Analyst

• RMF Cybersecurity Analyst

• Senior GRC Analyst (Maritime)

• Federal Cybersecurity Analyst

Keywords:

• Maritime Cybersecurity,

• NIST RMF,

• Authority to Operate (ATO),

• System Security Plan (SSP),

• POA&M,

Legal Disclaimer: Cherokee Federal is an equal opportunity employer. Please visit cherokee-federal.com/careers for information regarding our Affirmative Action and Equal Opportunity Employer Statement, and Accommodation request.

Many of our job openings require access to government buildings or military installations. Candidates must pass pre-employment qualifications of Cherokee Federal.