Senior Cyber Security Analyst
Job ID: 4181
CALIBRE Systems Inc., an employee-owned Management Consulting and Digital Transformation company, is seeking a Systems Architect to join our dynamic team in Huntsville, AL. The Cyber Security Analyst will lead a team providing support to a Government Agency as it establishes its cybersecurity infrastructure in order to comply with and support the Department’s and Agency’s cyber mission. The Cyber Security Analyst will assist with the creation and implementation of an overall Cyber Security strategy plan for the Agency.
The Cyber Security Analyst’s responsibilities include, but are not limited to, the following:
- Advise Agency staff on a range of cybersecurity-related issues including but not limited to Risk Management Framework (RMF) accreditation, establishing information system boundaries, assessing the severity of weaknesses, risk mitigation approaches, security alerts, and vulnerabilities
- Advise system owners and their supporting contractor staff as they work to achieve and/or renew the system’s Authority to Operate (ATO), which includes but is not limited to preparing accreditation packages, continuous monitoring plans, POAMs, risk assessment reports and creating a security plan.
- At the Agency’s request and under its direction, assist with Assessment and Authorization (A&A) activities and develop relevant A&A reports
- Monitor timeliness of accomplishment of required actions and documents pertaining to the A&A of the system throughout its lifecycle
- Assist Government Leadership with business systems’ migration to the agency cloud environment.
- Review security plans and other A&A documents for all applications to determine if mandated procedures and tasks are followed
- Provide Enterprise-level visibility of all authorization packages offering comprehensive organizational cybersecurity postures via Enterprise Mission Assurance Support Service (eMASS)
- As required, represent the Agency in Department cyber oversight and governance activities
- US Citizenship.
- Active Secret Clearance.
- IAM Level III certification: Certified Information Security Systems Professional (CISSP), GIAC Security Leadership Certification (GSLC) or Certified Information Security Manager (CISM).
- Eight+ years’ of progressive experience as a Manager / Lead in an Information Assurance and/or cyber security role (e.g., Security Architects, Systems Engineers, Cyber Security Engineers, ISSO, Security Control Assessors, CND Analysts or Project Managers) supporting the Department of Defense, Department of Homeland Security or the Intelligence Community.
- Understanding of DoDIN, DISA Information Assurance Guidance, and FEDRAMP Cloud Computing.
- Demonstrated experience with all RMF phases, with particular emphasis managing the ATO and A&A processes.
- Demonstrated in-depth experience with eMASS or similar tool.
- Demonstrated experience with NIST Risk Management Framework SP 800-series.
- Bachelor's or Master's degree in Computer Science, Information Systems, Engineering, or other relevant discipline; or Professional certification in network engineering; or equivalent work experience.
- Ability to work in a fast-paced, fluid environment
- Proficient with the Microsoft Office suite
- Strong verbal and written communication skills
- Experience working in A&A, Secure Operations (CND) and Cyber security Governance/Policies for DoD.
- Experience working in vulnerability analysis, STIGs, and cyber security remediation.
- Experience planning, developing, implementing, tracking, and maintaining cyber security metrics and POAMs.
- Experience with RMF Continuous Monitoring Plans.
- Experience developing, implementing, and maintaining agency Incident Response Plans.
- Experience developing, implementing, and maintaining agency Patch Management Guides.
- Experience performing technical risk, ACAS/Nessus vulnerability/endpoint malware scanning, and provide eMASS reports for accreditation.
- Privacy, PII, and PHI cyber expertise (FISMA, HIPPA, Private Impact Assessments)