Sr. Risk Analyst (Top Secret clearance required)
Fort Belvoir, VA

Job Description

DEI has a new and exciting opportunity at Ft Belvoir. The ideal candidate will perform several functions to support a DoD agency in the accomplishment of their Weapons of Mass Destruction (WMD) mission. The candidate will support the organization's mission for Cyber Mission Assurance per DoD 8500.1, 8500.2, and 8510.01 and NIST 800-37, 800-53, 800-39, and 800-30. The candidate will provide subject matter expertise in developing an agency-wide cyber security model for risk and threat assessment beyond the Risk Management Framework, with an understanding of the enterprise architectures and the evaluation risk in complex data driven information environments. The candidate will provide security architecture and design guidance to programs in development and production environments.

PRIMARY RESPONSIBILITIES:

For the agency's Top Research & Development effort for Counter-Weapons of Mass Destruction - CWMD: (1) Provides an assess and advise role to the Constellation development organization; (2) Actively participates in design meetings, security architecture guidance, assessment of security findings to assist in the resolution or prioritization of POA&Ms, and general guidance for security issues as needed; (3) and provides technical support by evaluating software and application configurations that require more specific system knowledge.

For the Authorization and Assessment (A&A) process by:

* Participate in meetings and identifying areas of concern and potential mitigation strategies for systems under evaluation
* Conduct analysis and recommendations as needed prior to the development of recommendation letter to the Authorizing Official (AO)
* Develop a risk profile of potential mission impacts.
* Directly support the AO to include the evaluation of risk questions related to individual systems or policy. The analysis includes an assessment of DoD policy, guidance, and industry best practices.

As a member of the Cross Domain Support Element (CDSE) team supports the United Cross Domain Services Management Office (UCDSMO) is developing a new CDS Risk Assessment Model based on the Risk Management Framework. Efforts will consist of attending meetings, telecoms, providing comments and suggestions as the new model is developed. Perform risk assessments of systems and solutions being brought to the CDSE to help determine the best course of action.

The agency's IT Directorate (J6) requires security support in the development of a long-term cyber risk model for the organization and the identification of programs that support the implementation of this program. Current projects include the coordination of cyber related data needs with the Chief Data Officer and the establishment of standards for collection within the existing agency programs especially within J6. Performs many risk related functions that require policy and technical understanding of cyber security and application

Qualifications

BASIC REQUIRED QUALIFICATIONS:

* Active Top Secret clearance with SSBI (TS/SCI highly preferred)
* BA/BS (In Computer Science, Information Systems or a related technical field experience).
* Minimum 15 years' experience working in an information/Cyber security, information technology or compliance related field
* Active TS Clearance with SSBI
* 8570 Compliance : Certified Information System Security Professional (CISSP) and Official training on Windows or Linux operating systems
* Active Certified Ethical Hacker (CEH) Certification
* Experience with information assurance assessment tools and the DISA STIGs
* Understanding of the Risk Management Framework (RMF) and DoD certification and accreditation roles/process
* Understanding of deterministic and predictive risk models established by MITRE Corporation and the ability to adjust these models for use with the DTRA environment
* A demonstrated understanding of network security, operating system security (Redhat Linux), Application configuration, database servers, Hadoop, Accumulo, and other network service technologies
* Experience in conducting limited source code reviews for secure coding standards as defined in NIST, Software Engineering Institute (SEI), and Open Web Application
* Experience in understanding the strengths and weaknesses in data elements and the potential impacts to the protection of the classified information and integrity of classified assets Security Project (OWASP)
* Ability to think system wide and asses risk across multiple missions and domains.
* Takes personal responsibility and accountability for timely response to client queries, requests or needs, working to remove obstacles that may impede execution or overall success.
* Takes personal ownership and accountability to meet deadlines and achieve agreed-upon results, and has the personal organization to do so.
* Collaborates with other team members and contributes productively to the team's work and output, demonstrating respect for different points of view.
* Excellent verbal and communication skills in dealing with technical issues and interacting with executives and senior managers
* Experience with Federal standards for the implementation of cyber risk programs is required.

ADDITIONAL PREFERRED QUALIFICATIONS:

* Experience in Red Team/Penetration testing
* System Security Engineering/Architecture experience on a DoD development effort
* Active TS/SCI
* Knowledge of Cross Domain Solutions (CDS), including the risk assessment and approval process
* Understands the objectives of the various DTRA organizations, and identify the potential impact of threats to those organizations, and the risk to the overall DTRA mission

Defense Engineering Inc. (DEI), a Service Disabled Veteran Owned Small Business, headquartered in Alexandria, Virginia, is a growing IT engineering firm that specializes in modernizing and operating reliable IT systems by harnessing emerging technologies with proven innovations. Our capabilities include a full range of IT engineering, cyber security, IT strategic planning, IT operations, program management, software/application development, and IT communications implementation.

Defense Engineering, Inc. is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class.