Sr. Cyber Security Analyst (Ft Belvoir, VA)
Fort Belvoir, VA

Job Description

Job Description

Description

SAIC is seeking for a Sr. Cyber Security Analyst at Ft Belvoir, VA.

Job Duties:

* Develop and maintain System Security Plans (SSP), Contingency Plans, Business Impact Analyses (BIA), Plan of Action and Milestones (POA&Ms), and other security related documentation in support of a cloud enterprise solution.


* Draft and maintain System Security Plans (SSP), Contingency Plans, Business Impact Analyses (BIA), Plan of Action and Milestones (POA&Ms), and other security related documentation in support of a cloud enterprise solution.


* Identify potential risks associated with system configurations and advise on mitigation strategies


* Participate in A&A status meetings and facilitate moving systems toward a successful A&A effort


* Assist in development and implement detailed test plans and review findings from self-assessments to determine readiness for independent validation and verification (IV&V) assessment


* Conduct cybersecurity analysis in preparation for A&A events by reviewing and validating all associated cybersecurity documentation and technical controls.


* Supports the implementation of RMF by developing documentation and updating policies, procedures, and processes as assigned.


* Perform assessment and authorization (A&A) efforts under the NIST Risk Management Framework (RMF) on behalf of INSCOM G7.


* Represent INSCOM G7 to very senior level government, industry and/or academia settings; must be able to understand and supervise/advise information assurance and network security accreditation procedures


* Work with program personnel, integration contractors, site ISSOs and IAMs to facilitate the collection of data required for accreditation projects


* Provide recommendations for Confidentiality, Integrity and Availability by identifying appropriate NIST 800-53 IA controls within accreditation packages and verify implementation is in accordance with DNI, DoD and Army IA standards



Responsibilities and Duties:

* Identify key stakeholders in A&A efforts and ensure system documentation reflects current system security configurations to include hardware and software components, data flow, interconnections, and ports, protocols, and services, etc.


* Conduct IV&V assessments and analyze test results for accuracy, compliance, and adherence to Federal cybersecurity requirements


* Review and document Monthly ACAS scans, SCAP Scans, and STIG checklists


* Conduct thorough reviews of all vulnerabilities, architecture, and defense in depth strategies and report/document findings in POA&Ms


* Document residual risks and provide the cybersecurity risk analysis and mitigation determination results


* Produce risk assessment artifacts describing initial risks during system development and residual risks identified during IV&V


* Covers all cybersecurity aspects including, but not limited to, identifying risks, validating the mitigation of plans of action, analyzing system designs, and assisting with A&A issues that may prevent a system from receiving authorization.


* Maintain cybersecurity policy and processes as assigned


* Able to analyze, interpret, and apply Federal cybersecurity guidance to customer needs


* Communicate the security posture of systems through designated reporting mechanism


* Collaborate with other team members in cybersecurity



Qualifications

Required Experience and Clearance:

* 13 years of related experience with a HS/GED; OR Bachelors and 9 years of experience; OR Masters and 7 of experience ; OR PhD or JD and 4 years of experience.
* Active TS SCI clearance, with ability to obtain a CI Poly (Clearance must me listed in JPAS.)
* 3+ years of relevant experience with Risk Management Framework (RMF) A&A activities.
* 3+ years of experience in the following areas: Cybersecurity policy, procedures, and processes, including RMF and NIST 800-53 and A&A's
* Experience using MS office tools such as Excel, Word and Visio
* Familiar with NIST publications, specifically RMF and NIST controls
* Familiar with dealing with defense- in-depth and other information security and assurance principles and associated supporting technologies
* Excellent customer service and organization skills
* Excellent oral and written communication skills
* Must demonstrate proficiency in the following areas: multi-tasking, critical thinking; and the ability to work quickly, efficiently and accurately in a dynamic and fluid environment
* Ability to work both independently and as a member of a team
* Microsoft Office (Word, Excel, Visio, PowerPoint, MS Project), MS