Cyber Security Analyst - Senior
Washington Navy Yard, DC

Job Description

SENIOR CYBER SECURITY ANALYST (NAVEBS-19-0993-F):

Bowhead seeks a Senior Cyber Security Analyst to support NAVEBS solutions at the Washington Navy Yard. The Senior Cyber Security Analyst must be experienced in Defense Acquisition programs and familiar with developing cyber security requirements, strategy, and Program Protection Plan documentation. The Senior Cyber Security Analyst will be responsible for the application of the above documents and must also possess knowledge of DoD public key infrastructure (PKI) implementation.

The ideal candidate must elevate their view above stereotypical cybersecurity compliance and monitoring to be able to perform oversight at the program level. This oversight must include network, platform and SAP applications (including Oracle DBs). This person must be able to write and execute scripts (checklists) to determine if cybersecurity personnel are maintaining the systems within the portfolio as required to meet RMF and FISCAM criteria passively; without interviewing.

Candidates must also be capable of developing test scripts (checklists) that allows a security assessor/auditor to determine if cybersecurity personnel, tools and processes are functioning as they should to maintain compliance with cybersecurity and FISCAM (the Enterprise IT Control Standards) requirements.

Qualified candidates must have knowledge and experience to develop and effectively manage processes, procedures and implementation of security controls necessary to keep the system in compliance with all DoD, Federal and DON security-related policies, including FISMA and others. Responsibility for cybersecurity issues may include those related to system architecture, additional tools to enhance system security and monitoring, FISCAM and audit-related issues and requirements, testing and issues related to Cloud hosting.

Essential functions to include:

* Risk Management Framework (RMF) process and security control implementation and testing
* Documentation process to create POA&M and Risk Assessment Reports including mitigation factors
* Document controls and artifacts in the eMASS system
* Manage all issues related to RMF and cybersecurity compliance for PMW220 portfolio systems in development and sustainment, with emphasis on systems operating in traditional data centers and commercial cloud hosting environments
* Manage all issues related to the inheritance of security controls and the proper testing and documentation of these controls
* Identify, implement and test the security controls and protective measures that will lead to the successful RMF Assessment and Authorization (A&A) and meet all requirements of the RMF
* Implement the SPAWAR Information Assurance Technical Authority IA/TA standards in all portfolio systems, as appropriate
* Manage and maintain all eMASS packages, test results, evidence and artifacts required to achieve successful authorizations of systems. This will require providing guidance and coordinating communications between all members of the authorization team, including the Program Cybersecurity Teams, the Validators, SPAWAR Package Submitting Office (PSO), the Security Control Assessor representatives and the Navy Authorizing Official representatives to achieve Authorizations to Operate (ATO) for all portfolio systems.

About this Contract: NAVEBS is a portfolio of three separate yet closely aligned business/information technology (IT) systems (software solutions); EPS, SLDCADA, and Navy ERP.

Requirements • Specialized experience with at least seven (7) years of technical experience with implementation of cybersecurity, DoD system accreditations, implementation of security controls and management of security-related Cloud Hosting/Network Infrastructure issues with a minimum of five (5) years of experience in a cybersecurity leadership position is required.

* Bachelor's degree from an accredited college or university in Computer Science, Cybersecurity or Information Technology, or equivalent experience is required. An educational equivalency of at least four (4) years of experience with applying technical security controls and RMF Authorizations, or in a comparable assignment (i.e., Information System Security Manager, etc.) on an enterprise business system may be substituted for a Bachelor's degree.
* Applicable cybersecurity certification (e.g., CISSP, CAP, CISA, CISM) is required.
* Knowledge of developing CS requirements, CS Strategy, Program Protection Plan documentation and the application of the above documents and knowledge of DoD PKI implementation.
* Familiarity with DoD, DON and Federal cybersecurity policies and guidelines, including:

o DoDI 8500.01, "Cybersecurity," 14 March 2014

o DoDI 8510.01, "Risk Management Framework (RMF) for DoD Information Technology (IT)," 12 Mar 2014

o FIPS Publication 199, "Standards for Security Categorization of Federal Information and Information Systems"; February 2004

o DoDD 5000.01, "The Defense Acquisition System," 20 Nov 2007

o DoDD 8140.01, "Cyberspace Workforce Management," 11 August 2015

o DoDI 5000.02, "Operation of the Defense Acquisition System," 07 Jan 2015

o OMB Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control

o GAO-09-232G, "Federal Information System Controls Audit Manual (FISCAM)," February 2009

o Committee on National Security Systems Policy (CNSSP) Number 11, Acquisition of Information Assurance (IA) and IA-Enabled

o Information Technology (IT) Products, June 2013

o DoDI 8520.2, "Public Key Infrastructure (PKI) and Public Key (PK) Enabling," 24 May 2011

o DoDI 8551.01, "Ports, Protocols, and Services Management (PPSM)," 28 May 2014

o DoDI 8580.1, "Information Assurance (IA) in the Defense Acquisition System," 9 Jul 2004

o SECNAVINST 5230.15, "Information Management/Information Technology Policy for Fielding of Commercial Off the Shelf Software," 10 Apr 2009

o SECNAVINST 5239.3B, "Department of the Navy Information Assurance Policy," 17 Jun 2009

* Intermediate to advanced level skills in Microsoft Office software suite - Word, Excel, Outlook, PowerPoint
* Ability to communicate effectively with all levels of employees and outside contacts
* Strong interpersonal skills and good judgment with the ability to work alone or as part of a team

SECURITY CLEARANCE REQUIRED: Must currently hold and be able to maintain a security clearance at the Secret level. US Citizenship is a requirement for Secret clearance at this location.

Applicants may be subject to a pre-employment drug & alcohol screening and/or random drug screen, and must follow UIC's Non-DOT Drug & Alcohol Testing Program requirements. If the position requires, an applicant must pass a pre-employment criminal background history check. All post-secondary education listed on the applicant's resume/application may be subject to verification.

Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver license for this position and will be subject to verification. In addition, the applicant must pass an in-house, online, driving course to be authorized to drive for company purposes.

UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, national origin, disability, veteran status, and other protected characteristics EOE/AA/M/F/D/V. In furtherance, pursuant to The Alaska Native Claims Settlement Act 43 U.S.C. Sec. 1601 et seq., and federal contractual requirements, UIC and its subsidiaries may legally grant certain preference in employment opportunities to UIC Shareholders and their Descendants, based on the provisions contained within The Alaska Native Claims Settlement Act.

All candidates must apply online at www.uicalaska.com, and submit a completed application for all positions they wish to be considered. Once the employment application has been completed and submitted, any changes to the application after submission may not be reviewed. Please contact a UIC HR Recruiter if you have made a significant change to your application. In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance (http://www.uicalaska.com/contact-us/human-resources/).

UIC Government Services (UICGS / Bowhead) provides innovative business solutions to federal and commercial customers in the areas of engineering, maintenance services, information technology, program support, logistics/base support, and procurement. Collectively, the fast-growing Bowhead Family of Companies offers a breadth of services which are performed with a focus on quality results. Headquartered in Alexandria, VA, we are a fast-growing, multi-million-dollar corporation recognized as one of the top 25 8(a) companies for government contracting.

^ Cut/Paste this Link to Apply:

http://bit.ly/RMFSrCyber

* Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
* Please view Equal Employment Opportunity Posters provided by OFCCP here.
* The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

Apply Online Send This Job to a Friend

© Ultimate Software