ECS is seeking a
Senior Cyber Security Analyst to work in our
Arlington, VA office.
ECS is seeking a seasoned security professional with experience in implementing and communicating RMF compliance for the Department of Defense and Navy in our
Arlington, VA location.The CS Analyst is responsible for helping to manage the program's Assessment and Authorization (A&A) efforts by focusing on the Risk Management and Security Authorization activities in accordance with the applicable National Institute of Standards and Technology (NIST) 800 series guidelines, the Risk Management Framework and applicable Federal Information Processing Standards (FIPS) standards. The CS Analyst will report to the CS Team Lead and perform and manage tasks related to the entire Assessment and Authorization (A&A) lifecycle. The CS Analyst Senior will:
- Create new and modify existing hardening standards for emerging technologies for potential on-premise and cloud-based technologies.
- Collaborate with developers and various teams to integrate secure coding and application security requirements and best practices into development processes.
- Recommend secure application configurations and conduct security testing on the proposed application. Facilitate and support the IT Risk Acceptance process. Other duties as assigned. Complete required A&A activities on assigned IT systems.
- Perform continuous monitoring of security controls to ensure that they are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned IT systems.
- Work with technical teams to mitigate security control deficiencies and scan vulnerabilities for assigned IT systems.
- Assess the cybersecurity impact of changes to assigned IT systems.
- Conduct self-assessments of security controls, identify weaknesses, and track remediation activities in Plan of Action and Milestones (POA&M) via eMASS.
- 3+ years of experience with IT, including in a DoD environment
- 3+ years of experience with DIACAP and NIST Risk Management Framework (RMF) policies, including continuous monitoring, information system security policies, standards, and procedures
- Experience with preparing or supporting DIACAP or RMF packages and supporting documentation and DoD Authorization and Accreditation (A&A) process and standards
- Experience with using the Enterprise Management Assurance Support Service (eMASS)
- Knowledge of IA or INFOSEC concepts and requirements
- Ability to conduct security control selection, tailoring, and overlays
- Ability to analyze a security plan and perform system security analysis
- Ability to work independently
- Active Secret clearance -DoD 8140 IAM or IAT Certification, including Security+ CE, CISM, CISSP, or CASP
