Job Details

Cyber Security Analyst II

Advertiser
SAIC Corporation
Location
San Diego, California, United States
Rate
-

Description

This position supports the Assessment and Authorization (A&A) cybersecurity efforts for NIWC PAC code 82000 to support the Research, Development, Test & Evaluation (RDT&E) network. The Cybersecurity Analyst II will serve as a Risk Management Framework (RMF) Subject Matter Expert (SME) for all network security architectures, designs, implementations, and operations within 3 NIWC Pacific RDT&E systems, networks, and applications. Additionally he/she will provide engineering and technical support for the testing of systems, software, tools and products while identifying operational and functional requirements of new, developing and existing systems and develop a system security approach, which includes but not limited to defining potential threats, vulnerabilities, safeguards, and risk factors.

Roles and associated responsibilities

1. Provide practice of Cloud Computing Security Requirements Guide (SRG) and cloud computing industry best practices; and utilize these tools to assist in the evaluation, research and development of IT cloud security risk assessments, security tools, and implementation plans.

2. Analyze / implement enterprise architecture/design, cloud migration plans, generating auditing reports, performance, interoperability, and functionality.

3. Work with all layers of technology stack (network routing and switching, firewalls, Virtual Private Network (VPNs), load balancers, network and server virtualization, server operating systems, large storage systems, data-exchange interfaces, databases, middleware, web services, and enterprise management tools used to administer all such capabilities).

4. Evaluate risks associated with extending the network boundaries and data migration to a cloud environment.

5. Work on Instances and software lists for the AWS Gov Cloud in the West region under Availability Zone A.

6. Utilize the testing and analysis of IA controls and secure configuration using the Assured Compliance Assessment Solution (ACAS).

7. Monitor software compliance in the DoN Application and Database Management System (DADMS).

8. Policy development and enforcement.

9. Assess information security risks to new projects and non-standard IT requests using risk assessment methodologies.

10. Provide experience of NIST SP 800-53, RMF implementation and provide recommendations in accordance with NIST FIPS 199.

11. Provide a system security approach, which includes defining potential threats, vulnerabilities, safeguards, and risk factors.

12. Develop A&A documentation to include system security plans, system categorization forms, contingency plans, configuration management plans, support and sustainability plans.

13. Utilize eMASS and the process for entering all system packages, artifacts, and supporting documentation.

14. Analyze system configurations per DISA STIG using STIGviewer, SCC, and OpenSCAP.

15. Create network architecture and data-flow diagrams.

16. Must be able to verify both technical and non-technical findings, propose actions to address the findings, develop a tracking process inclusive of performance metrics, and prepare responses or reports demonstrating that the findings have been addressed in the Plans of Action and Milestones (POA&M).

17. Provide continuous monitoring efforts of Program of Records (PORs).

Qualifications

Key Skills, Knowledge and Abilities

Must have high level of understanding of various virtual and cloud services (AWS or Google services)

Must have experience developing Security Policies/Standard Operating Procedures (SOPs)/Other Documentation.

Must be able provide analysis of Directives, Policies, Instructions (CTOs, FRAG/TASK/OPORDs, IAVM, PKI Guidance), Impact on RDT&E Network/ VRAM

Demonstrate experience and processes for reviewing security control implementation down to the Control Correlation Identifier (CCI) level for compliance and provide appropriate guidance to customers developing valid mitigation/ remediation statements.

Education:

1. Bachelor's Degree in (STEM), or an Information Technology (IT) related field AND five (5) years of relevant work

experience, OR Associate's Degree in an Information Technology (IT) related field AND eight (8) years of relevant

work experience, OR High School Diploma or equivalent AND ten (10) years of relevant work experience.

2. Commercial certification meeting or exceeding DoD 8570.01M requirements for IAM-1 (Cloud+, AWS or MS

Azure)

3. Four (4) years of demonstrated experience in Risk Management Framework (RMF) to include performing ALL of

the following:

a. Analyzing / Implementing the Cloud Computing Security Requirements Guide (SRG) and cloud computing

industry best practices

b. Analyzing / Implementing enterprise architecture/design, cloud migration plans, generating auditing

reports, performance, interoperability, and functionality.

c. Evaluating risks associated with extending the network boundaries and data migration to a cloud environment.

d. eMASS package development

e. Assessment and Authorization (A&A) processes

f. Testing and analysis of IA controls and secure configuration using the Assured Compliance Assessment

Solution (ACAS)

g. Analyzing system configuration per DISA STIG using STIGviewer, SCC, and OpenSCAP

4. Demonstrated knowledge of RMF National Institute of Standards & Technology (NIST)

5. Qualified Navy Validator (QNV) or equivalent is preferred

Secret clearance Required


Overview

SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $7.1 billion. For more information, visit saic.com . For ongoing news, please visit our newsroom . For SAIC benefits information, see Working at SAIC . EOE AA M/F/Vet/Disability

Send application

Mail this job to me so I can apply later

Apply With CV

You are not logged in. If you have an account, log in to your account. If you do not have an account, why not sign up? It only takes a minute!

latest videos

Upcoming Events