As the Data Security Analyst, the candidate will perform tasks related to Assessment & Authorization (A&A) to ensure assigned DoD, DoA systems/Enclaves/Networks can obtain and maintain Authorization to Operate (ATO) and Authorization to Connect (ATC) certifications. In this role, the Data Security Analyst will conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs. Additionally, the individual will serve as regulations and Information Systems Security Officer (ISSO) and review and conduct technical security assessments of computing environments to identify points of vulnerability, as well as non-compliance with established cyber security standards and regulations, and recommend mitigation strategies to the team.
Responsibilities
- Support the development of RMF accreditation artifact documentation to include Risk Assessment Report (RAR), Information Security Continuous Monitoring (ISCM) Strategy, Security Authorization Package, engineering documentation, network drawings, and related documentation as required by DoD accreditation standards
- Develops, maintains, and monitors the necessary artifacts for A&A package submission to receive ATC, ATT, and ATO certifications
- Review weekly CND vulnerability scans utilizing DoD/DoA mandated practices and software utilities
- Conducts FISMA assessments of cybersecurity control compliance in accordance with DoDI 8500.01, DoDI 8510.01, CNSSI 1253 and the Cybersecurity Strategy
- Prepare daily, weekly, and monthly reports detailing task and responsibility status.
- Develops, reviews, and maintains RMF artifacts for RMF compliance
- Supports Cybersecurity Test & Evaluation (CT&E) or Developmental Test & Evaluation (DT&E) activities of system security engineering and program protection activities.
- Maintains authorization artifacts in accordance with customer requirements
- Updates, validates and maintains policies, processes, and SOPs, in accordance with DoA and DoD policies and regulations
- Provides IT Security Incident Response support services and reports all tenant IT incidents, ranging from security violations (i.e., information spillage and unauthorized usage) to suspicious activity reports
- Attends meetings and works in a collaborative team environment to provide network stability and continuity
- Performs other tasks as required by OSC and the Government contracting office
Required Qualifications/Education And Experience
- High School diploma or equivalent
- Minimum of two (2) years of hands-on experience in the IT/Communications Security environment
- Must have and maintain a Top-Secret personnel clearance and be eligible for a TS/SCI
- Must be DoD 8570 certified at the IAM-II level
- Must have experience with DoA, DoD RMF processes
- Must have experience with eMASS and experience in the development of Assessment and Authorization plans
- Understanding of computer security, Department of Army, and DoD cyber security policies
- Prior experience with DISA Security Technical Implementation Guides (STIG), Assured Compliance Assessment Solution (ACAS), other DoA, and DoD cybersecurity tools
- Ability to communicate clearly and succinctly in written and oral presentations
- Have knowledge in network, physical, systems, and application security practices
- Must be familiar with and have experience in tools and applications such as Firewalls, IDS/IPS, HBSS, ACAS, Nessus, ARCSIGHT and SIEMs
- Familiarity with DoD, NIST, RMF and FedRAMP processes
- Excellent written and verbal communication skills
Preferred Qualifications/Education And Experience
- Associate’s degree (preferably in Information Technology, Information Management, or Cyber Security)
- Certified Information Systems Security Professional (CISSP) certification
- Experience with SIEMs
Equal Employment Opportunity/M/F/disability/protected veteran status