We have 2 Cyber Security Analyst positions open. The Jr position requires 1-3 years of experience with what is below and the Sr position requires 3-5 years of experience with what is below.
This position is 40% remote but located in Baltimore, MD.
- Assess information systems for compliance with the NIST RMF and the associated security controls.
- Review current security assessment and authorization processes and provide recommendations for improvement.
- Conduct system security categorizations, security control assessments, and risk assessments, and provide recommendations to enhance the security posture of the information system.
- Draft agency specific security control assessment (SCA) guidance, procedures, and templates to allow thorough and accurate control assessments, risk analysis, and final documentation in the Security Assessment Report (SAR).
- Support the Risk Management Branch by implementing appropriate methods to evaluate risk levels associated with improperly implemented security controls, characterizing aggregate levels of risk to include recommendations to fix, mitigate, or accept the risk.
- Develop Risk Assessment Reports (RAR).
- Provide support by providing guidance on control requirements.
- Conduct Security Impact Assessments (SIAs) on changes to information systems.
It is desired (but not required) that the candidate possess the CISSP, CAP, Security+, CEH or other similar certification.
- Must have extensive experience in cybersecurity documentation and system authorization artifacts (System Security Plan, lifecycle documentation, continuous monitoring plan, Security Assessment Plan, Security Assessment Report, Risk Assessment, etc.)
- Working knowledge of:
  - NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
  - NIST SP 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems
  - NIST SP 800-30 Guide for Conducting Risk Assessments
  - NIST SP 800-39 Managing Information Security Risk
- Must have strong critical thinking/analytical skills, creativity, a proven drive for quality, and excellent oral and written communication skills.
- Must have strong technical writing skills.
- Must be able to work under only general direction and be able to independently determine and develop a risk assessment approach to proposed new agency solutions, only needing review upon completion for adequacy in meeting objectives.
- Must be able to interpret and provide consulting on the development of security guidance, and serve as an RMF SME at key stakeholder meetings.
- Must have extensive knowledge in reviewing, analyzing, and documenting the secure implementation of logical controls, physical controls, environmental controls, personnel security and incident handling.
- Must have strong organizational skills and an ability to stay focused while managing multiple tasks concurrently.
- Must be able to pass a Public Trust Level 5 suitability to obtain clearance.