Cyber Security Analyst (SME)

Cybersecurity Analyst

Council for Logistics Research, Inc.

Benefits Offered: Medical, Life Insurance, 401k, Dental

Employment Type Full-Time

Location: Orlando, FL / Remote Authorized

Supervises: No

Must be a US Citizen and have a current Secret clearance or be eligible to pass the required background Investigation to receive one

Description of Work:

The Cybersecurity Analyst will monitor vendor progress and assist with the creation and employment of methodologies, templates, guidelines, checklists, procedures, and other documents to establish repeatable processes across the information technology security services. The analyst will aid with establishing mechanisms to promote awareness and adoption of security best practices and perform routine IT administration duties as assigned by the Information Systems Security Manager.

The Cybersecurity Analyst shall at a minimum:

• Support the efforts to coordinate the Certification and Accreditation (C&A) of systems in accordance with the Risk Management Framework (RMF) outlined by the National Institute of Standards and Technology (NIST), DoD Instruction 8500.1.
• Support the efforts to coordinate and ensure Assess and Authorization (A&A) of systems are IAW DoD Cybersecurity (CS) A&A RMF process and/or Intelligence Community Directives (ICD) 503/Director of Central Intelligence Directive (DCID) 6/3 guidance, DoDI 8500.01, DoDI 8510.01 and AR 25-2. This includes supporting development, coordination, and support of initial A&A, FISMA and re-authorization requirements.
• Support system security certifications to ensure that subject systems meet all applicable security regulations and standards and can complete successful certification test and evaluation events.
• Support the preparation and generate required security A&A documentation and coordination with the Authorizing Official (AO) to obtain successful system accreditation. Security documentation includes, but is not limited to, artifacts required by RMF and NIST controls such as the Security Plan (SP), Continuity of Operations Plan (COOP), Configuration Management Plan (CMP) and a Plan of Action and Milestones (POA&M).
• Provide Information Assurance Vulnerability Management (IAVM) support to include assisting with dissemination, installation, Information Assurance Vulnerability Alerts (IAVA) reporting, and compliance procedures for IAVM.
• Provide configuration management support of IS software and hardware, maintain software licenses and ensure security related documentation is current and accessible to properly authorized individuals.
• Ensure log files and audits are maintained and reviewed for all systems and that authentication (e.g., password) policies are audited for compliance.
• Review and evaluate the security effects of changes to systems and networks, including interfaces with other ISs, and document changes.
• Ensure the cybersecurity posture and accreditation boundaries are not impacted during IS support and maintenance.
• Ensure no relevant security changes have been made to invalidate any previously authorized accreditation.
• Conduct periodic self-assessments, document validation results, and generate POA&M in support of the Control Approval Chain and Package Approval Chain activities in the US Army Enterprise Mission Assurance Support Service (eMASS) online database.
• Provide independent validation and assessment support by conducting vulnerability scans, determining Security Technical Implementation Guide (STIG) checklist compliance, and reviewing a variety of DoD, DHA, RMF and NIST documentation to include SP, CMP, and other A&A artifacts to assess the cybersecurity posture of subject systems. Once complete, compile, analyze, and document the results in eMASS.
• Provide validation recommendations in support of formulating Interim Authorities to Test (IATT) and Authorities to Operate (ATO) A&A decisions.

Requirements:

• 3-5 years’ experience with demonstrated success and increasing responsibilities.

• B.S. in Computer & Information Science with a Major in Cyber and Information Security Technology or related field.
• Candidates must possess certification acceptable by the Department of Defense:
  1. CompTIA Security+
  2. CompTIA Cloud+
  3. CompTIA Advanced Security Practitioner (CASP+)
  4. ISC2 Certified Cloud Security Professional (CCSP)
  5. ISACA Certified Information Security Manager (CISM)
  6. ISC2 Systems Security Certified Practitioner (SSCP)
• Candidates must possess the ability to exercise mature judgment, possess high ethical standards, a positive work attitude, and the ability to work harmoniously with others in a team-oriented environment.
• Knowledge of Microsoft (MS) Windows Server (2012 and above), Windows 10 Desktop Operating System software, MS Windows Active Directory with server administration (including Group Policy), MS SharePoint, MS O365, Amazon Web Services (AWS) FedRAMP GovCloud, Cisco VoIP phones, SAN storage systems (NetApp or similar), Cisco switches and integrated wireless technologies.
• Experience with Defense Health Agency (DHA) Cloud Computing environments is preferred.

CLR and its subcontractors shall abide by the requirements of 41CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on their race, color, religion, sex, national origin, sexual orientation, and gender identity. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, gender identity and sexual orientation, protected veteran status or disability.