Cyber Security Analyst Senior
8 - 10 years experience • Aerospace / Defense
Bowhead seeks a Cyber Security Analyst Senior to support NAVEBS solutions at Washington Navy Yard. NAVEBS is a portfolio of three separate yet closely aligned business/information technology (IT) systems (software solutions): EPS, SLDCADA, and Navy ERP. The Cyber Security specialist must be experienced in Defense Acquisition programs, familiar with developing cybersecurity requirements, strategy, Program Protection Plan documentation and the application of the above documents and knowledge of DoD public key infrastructure (PKI) implementation. The Cyber Security Analyst Senior must have knowledge and experience to develop and effectively manage processes, procedures and implementation of security controls necessary to keep the system in compliance with all DoD, Federal and DON security-related policies, including FISMA and others. Responsibility for cybersecurity issues may include those related to system architecture, additional tools to enhance system security and monitoring, FISCAM and audit-related issues and requirements, testing and issues related to Cloud hosting.
Essential functions to include:
- Risk Management Framework process and security control implementation and testing
- DIACAP Certification & Accreditation packages
- Documentation process to create POA&M and Risk Assessment Reports including mitigation factors
- Document controls and artifacts in the eMASS system.
- Manage all issues related to Risk Management Framework (RMF) and cybersecurity compliance for PMW220 portfolio systems in development and sustainment, with emphasis on systems operating in traditional data centers and commercial cloud hosting environments.
- Manage all issues related to the inheritance of security controls and the proper testing and documentation of these controls.
- Identify, implement and test the security controls and protective measures that will lead to the successful RMF Assessment and Authorization (A&A) and meet all requirements of the RMF.
- Implement the SPAWAR Information Assurance Technical Authority IA/TA standards in all portfolio systems, as appropriate.
- Manage and maintain all eMASS packages, test results, evidence and artifacts required to achieve successful authorizations of systems. This will require providing guidance and coordinating communications between all members of the authorization team, including the Program Cybersecurity Teams, the Validators, SPAWAR Package Submitting Office (PSO), the Security Control Assessor representatives and the Navy Authorizing Official representatives to achieve Authorizations to Operate (ATO) for all portfolio systems.
- Manage all issues related to Risk Management Framework (RMF) and project management for PMW220 portfolio systems in development and sustainment, with emphasis on systems operating in traditional data centers and commercial cloud hosting environments.
- Bachelor's degree from an accredited college or university in Computer Science, Cybersecurity or Information Technology, or equivalent experience. An educational equivalency of at least four (4) years of experience with applying technical security controls and RMF Authorizations, or in a comparable assignment (i.e., Information System Security Manager, etc.) on an enterprise business system may be substituted for a Bachelor's degree. A CISSP or equivalent cybersecurity certification is required.
- Experience in implementing RMF for major Business IT Systems.
- Knowledge of developing CS requirements, CS Strategy, Program Protection Plan documentation and the application of the above documents and knowledge of DoD PKI implementation.
- Specialized experience with at least seven (7) years of technical experience with implementation of Cybersecurity, DoD system accreditations, implementation of security controls and management of security-related Cloud Hosting/Network Infrastructure issues with a minimum of five (5) years of experience in a cybersecurity leadership position.
Familiarity with DoD, DON and Federal cybersecurity policies and guidelines, including:
-- DoDI 8500.01, "Cybersecurity," 14 March 2014
-- DoDI 8510.01, "Risk Management Framework (RMF) for DoD Information Technology (IT)," 12 Mar 2014
-- FIPS Publication 199, "Standards for Security Categorization of Federal Information and Information Systems"; February 2004
-- DoDD 5000.01, "The Defense Acquisition System," 20 Nov 2007
-- DoDD 8140.01, "Cyberspace Workforce Management," 11 August 2015
-- DoDI 5000.02, "Operation of the Defense Acquisition System," 07 Jan 2015
-- GAO-09-232G, "Federal Information System Controls Audit Manual (FISCAM)," February 2009
-- Committee on National Security Systems Policy (CNSSP) Number 11, "Acquisition of Information Assurance (IA) and IA-Enabled Information Technology (IT) Products," June 2013
-- DoDI 8520.2, "Public Key Infrastructure (PKI) and Public Key (PK) Enabling," 24 May 2011
-- DoDI 8551.01, "Ports, Protocols, and Services Management (PPSM)," 28 May 2014
-- DoDI 8580.1, "Information Assurance (IA) in the Defense Acquisition System," 9 Jul 2004
-- SECNAVINST 5230.15, "Information Management/Information Technology Policy for Fielding of Commercial Off the Shelf Software," 10 Apr 2009
-- SECNAVINST 5239.3B, "Department of the Navy Information Assurance Policy," 17 Jun 2009
SECURITY CLEARANCE REQUIRED: Must currently hold a security clearance at the Secret level. US Citizenship is a requirement for Secret clearance at this location.