The Mid-Level Cyber Security Analyst will work with our team of Senior Cyber Security Specialists to provide expert consultation across a wide range of cross-functional areas of Cyber Security services in support of the DAU Mission. He or she will also provide project planning, guidance, and technical expertise in the following areas: program, policy, process, and planning; risk management, auditing, and assessments; Assessment and Authorization (A&A) using the NIST Risk Management Framework (RMF) guidelines; and quality planning and control. This position is remote during Covid.
Primary Job Duties
- Three (3) years' experience performing RMF Assessments and Accreditation.
- Ability to work independently as well as collaborate with other contractors and end users
- Excellent analytical, written, and oral communication.
- Proactive and self-motivated, committed to meeting deadlines and producing results.
- Ability to produce quality documentation and manage multiple assignments simultaneously
- Knowledge of Microsoft Office Suite and Outlook
- Knowledge of FISMA, NIST and DOD Information Security Policies and Best Practices
- Knowledge of the use of tools such as DISA ACAS, DISA Gold Disk, DISA eMASS, and HBSS
- Knowledge and experience with current NIST Federal Information Processing Standards (FIPS) and Special Publications (SP) SP800-18, SP800-37, SP800-53, SP800-53A, SP800-60, FIPS-199, FIPS-201 and FIPS-140-2, and other policies and their application to enterprise IT security.
- Experience with selection, implementation, validation, and establishment of DISA CCIs
- Monitor the DAU Network and associated systems for security related incidents, evaluate current threats and provide recommendations for remediation and reporting for any identified incidents to the Information Systems Security Manager (ISSM).
- Use DOD/DAU provided tools to continually assess the security posture of the DAU Network and all connected systems as well as evaluating new systems and changes to existing systems for configuration weaknesses prior to production deployment of the systems.
- Perform Cybersecurity Vulnerability Management (IAVM) Reviews.
- System scanning - Perform necessary scans to assess or demonstrate compliance with IT security controls and document weaknesses and vulnerabilities found, if any. Where necessary, test and validate to ensure the system meets applicable DOD, DAU or NIST standards. The results from any scans or tests are submitted to the DAU ISSM.
- Assist with gathering of information to support documentation of artifacts required to accredit all DAU systems and enclaves in order to achieve and maintain an Authority to Operate (ATO)
- Leverage the NIST Federal Information Processing Standards (FIPS) and Special Publications (SP) SP800-18, SP800-37, SP800-53, SP800-53A, SP800-60, FIPS-199, FIPS-201 and FIPS-140-2, and other policies and their application to enterprise IT security.
- Select, implement, validate, and establish DISA CCIs
- Involved in the development of responses to POA&Ms.
- Leverage DISA Security Requirements Guide (SRG) and DISA Security Technical Implementation Guides (STIG).
- Conduct technical vulnerability assessments and prioritize and track remediation efforts.
- Participate in security assessments and audits for assigned systems and facilitate obtaining evidence for data requests.
- Complete required A&A (Assessment and Authorization) activities on assigned IT systems.
- Assist with development and maintenance of Operational Level Agreements (OLAs) and end-to-end Standard Operating Procedures (SOPs) to identify collaborative responsibilities and support process interaction with other Government and contractor IT groups
- Bachelor's Degree in Information Technologies, Cybersecurity, or related field
- Active DoD Secret Clearance
- DoD 8570-01M - IAM Level II CAP, GSLC, CISM, CISSP (or Associate).
SPN Solutions is an 8A Certified (SBA) Small Business that provides IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services to customers in the Defense, Federal Civilian Government and Commercial sectors. Our values are the standards that inform and inspire all our activities and distinguish us as a corporation.
At SPN, we have a corporate culture which fosters creative thinking, respects your contributions, and accepts nothing less than excellence in serving our customers. We demonstrate these core principles daily through our corporate Values and culture.
- Comprehensive Health, Dental, and Vision plans available for you and your family
- Premier 401k retirement plan with corporate matching
- Generous vacation and sick leave plan
- Parental leave plan
- Company paid Life and AD&D Insurance
- Tuition reimbursement for continuing education
SPN Solutions Inc. is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, physical or mental disability, sexual orientation, gender identity, age, marital status, medical condition, veteran status, or any other factor determined to be unlawful by federal, state, or local statutes. SPN Solutions Inc. will treat all employees equally with respect to compensation; opportunities for advancement, including upgrading, promotion and transfer, and all other terms and conditions of employment.