Senior Cyber Security Analyst
Job ID: 4140
CALIBRE Systems Inc., an employee-owned Management Consulting and Digital Transformation company, is seeking a Systems Architect to join our dynamic team in Alexandria, VA. The Systems Architect will provide support to a Government Agency as it establishes its cybersecurity infrastructure in order to comply with and support the Department’s and Agency’s cyber mission, and will assist the client in ensuring its systems adhere to the Department’s Risk Management Framework (RMF).
- Assist with Assessment and Authorization (A&A) activities and develop relevant A&A reports
- Review security plans and other A&A documents for applications to determine if mandated procedures and tasks are followed.
- Prepare accreditation packages, continuous monitoring plans, POAMs, risk assessment reports and create/validate security plan.
- Ensure ACAS scans are valid in accordance with client scanning guidance and uploaded into eMASS and associated to necessary controls where applicable.
- Upload evidence of compliance with DoD STIGs, to include SCAP scans and other artifacts, as provided by program, product or project managers, into eMASS where applicable.
- Upload evidence of compliance with DoD Cyber Hardening Campaign Efforts, to include Sonatype and Fortify Code Scans provided by program, product or project managers, into eMASS and associate with necessary controls.
- Ensure POAM entries are kept current in eMASS and report on POA&M statuses.
- Active Secret Clearance.
- IAM Level I Certification: CompTIA Security+ CE, GIAC Security Leadership (GSLC), or Certified Authorization Professional (CAP).
- Five years’ experience in an Information Assurance and/or cybersecurity role (e.g., Security Architects, Systems Engineers, Cyber-Security Engineers, ISSO, Security Control Assessors, CND Analysts or Project Managers) supporting the Department of Defense, Department of Homeland Security or the Intelligence Community.
- Bachelor's or Master's degree in Computer Science, Information Systems, Engineering, or other relevant discipline; or professional certification in network engineering; or equivalent work experience.
- Demonstrated experience with all phases of RMF, with particular emphasis on managing the ATO process.
- Demonstrated experience with eMASS or a similar tool.
- Demonstrated experience with DISA STIG Viewer tool.
- Demonstrated experience with NIST RMF SP 800-series.
- Ability to work in a fast-paced, fluid environment
- Proficient with the Microsoft Office suite
- Strong verbal and written communication skills
- Understanding of DoDIN, DISA Information Assurance Guidance, and FedRAMP Cloud Computing
- Knowledge of the DoD Cloud Computing Security Requirements Guide.
- Experience responding to information assurance vulnerability alerts (IAVAs), security breaches, USCYBERCOM, and JFHQ-DODIN Task Orders.
- Experience working in A&A, Secure Operations, and Cybersecurity Governance/Policies for DoD.
- Experience working in vulnerability analysis, STIGs, and cyber security remediation.
- Experience planning, developing, implementing, tracking, and maintaining cybersecurity metrics and POAMs.
- Experience with reviewing Cloud Service Provider System Security Plans.
- Experience with RMF System Level Continuous Monitoring Plans.
- Experience developing, implementing, and maintaining agency Incident Response Plans.
- Experience developing, implementing, and maintaining agency Patch Management Guides.
- Experience performing technical risk and providing eMASS reports for accreditation.
- Privacy, PII, and PHI cyber expertise (FISMA, HIPAA, Privacy Impact Assessments)