Cybersecurity Analyst

Herndon, VA, US

Applications have closed

AttainX

Job Title:  Cybersecurity Analyst

Location:  Remote

Citizenship: US Citizenship Required

Security Clearance: Must be able to obtain and maintain government agency public trust.

Salary: $100,000.00 - $110,000.00 wage range. You will receive a competitive total rewards package that is applicable to the U.S. only. The salary range may vary based on experience, skillset, and geographical location.

Are you passionate about cybersecurity and driven to protect critical information systems from emerging threats? AttainX is seeking a Cybersecurity Analyst to provide subject matter expertise and support for IT security activities, ensuring the safety and resilience of our client’s key infrastructure. Step into a role that offers the opportunity to safeguard critical systems, drive cybersecurity excellence, and play a key role in shaping a secure digital landscape.


Qualifications:

  • Bachelor’s degree from an accredited college or university in computer science, engineering, information science, information systems management, mathematics, statistics or technology management or equivalent related experience.
  • 5-7 years’ experience with cybersecurity frameworks and risk management.
  • Experience in performing risk assessments, implementing security controls, and conducting CMAs.
  • Expertise in preparing security documentation, including System Security Plans.
  • Familiarity with the Authorization to Operate (ATO) process.
  • Able to develop NIST SP 800-53 Revision 5 security controls.
  • Self-starter with excellent problem-solving skills and attention to detail.
  • Excellent verbal and written communication skills.
  • Proficient with Microsoft Office, Outlook, SharePoint, MS Excel, and MS Teams.
  • Must have active CompTIA Security+ CE and ISC2 Governance, Risk and Compliance (CGRC) certifications.
  • Must be able to pass and maintain a security clearance public trust background check.


Key Responsibilities:

Responsible for providing cybersecurity support to the Office of the Chief Financial Officer (OCFO) and Office of Technology Solutions (OTS) security portfolio of financial systems, such as eRecovery, mLINQS, PeoplePlus, Compass Data Warehouse (CDW).

  • Continuous Monitoring Assessments (CMA): Prepare and conduct CMAs, validate security controls, perform risk assessments, and review/update security documentation to maintain the highest levels of cybersecurity.
  • Security Control Assessments: Enable consistent, comparable, and repeatable assessments of security controls for OTS information systems. Promote better understanding of risks, providing management officials with trustworthy information to make informed security decisions. The contractor shall perform the following functions for all systems to meet the desired certification standards mandated by EPA Policy CIO 2150.3 and NIST 800-53.
  • Risk Assessment and Management: Categorize information systems based on their criticality and sensitivity, select and tailor security controls, and supplement those controls based on in-depth risk assessments. Ensure all security measures are documented in the System Security Plan.
  • Ensure effective management and protection of EPA’s financial information resources using EPA CIO 2150.5, Information Security Policy and NIST Guidelines that reduce EPA’s exposure to cybersecurity risk.
  • Conduct risk and vulnerability analyses and assessments using security subject matter expertise (SME), applying compliant security controls to ensure implementation of EPA best practices.
  • Report all system changes and updates to the Information Security Officer (ISO) and Information System Security Officer (ISSO) on all matters involving the security posture of EPA information security systems.
  • Draft the annual tabletop exercise for each EPA system, to include disaster recovery, contingency planning, incident response, roles and responsibilities, current risk scenarios, and debriefing.
  • Implementation and Evaluation: Implement and assess the effectiveness of security controls within the information system, determining risk acceptability at the agency level.
  • Improve system security plans (SSP), memorandums of understanding (MOU), interconnection security agreements (ISA) and all security-related artifacts in SharePoint and Splunk.
  • Lead development of Plan of Action & Milestones (POA&M) timeline and resolution.
  • Authorization to Operate (ATO): Participate in ATO functions, ensuring systems meet necessary standards before operation.
  • Continuous Security Monitoring: Oversee and monitor security controls on an ongoing basis to ensure continuous protection against evolving threats.
  • Manage and update the weekly report to EPA management on Critical, High, Medium, and Low vulnerability metrics and vulnerabilities remediated.
  • Maintain ongoing system awareness through continuous monitoring.
  • Create and modify System Security interconnection diagrams.
  • Attend weekly In-Brief / Out-Brief Meetings.
  • Manage Controlled Unclassified Information (CUI) and Personally Identifiable Information (PII).


Key Activities Include:

  • System Categorization: Evaluate the criticality and sensitivity of the information system.
  • Security Control Selection & Tailoring: Choose and customize security controls based on the system’s risk profile.
  • Risk-Based Control Supplementation: Adjust security controls as needed following comprehensive risk assessments.
  • System Security Plan Documentation: Accurately document all security controls of the OCFO OTS portfolio of systems, such as Compass, eRecovery, mLINQS, OCFO General Support System, PeoplePlus, Payment Tracking System and other major applications, to meet the current NIST 800-53 standard, and conduct risk assessments for scheduled system enhancements.
  • Security Control Implementation & Assessment: Deploy security controls and assess their effectiveness.
  • Physical Security Assessments
  • Risk Determination: Evaluate agency-level risk and risk acceptability for information systems.
  • Authorization to Operate (ATO) Participation: Ensure systems meet compliance for operation.
  • Ongoing Monitoring: Continuously monitor and assess security controls to adapt to emerging risks.


Non-Essential Functions:

  • General Duty Requirements 

About Us

AttainX Inc. is SBA Certified 8(a), Women Owned Small Business (WOSB), Economically Disadvantaged WOSB (EDWOSB), CMMI Level 3, ISO 9001:2015 certified QMS and Silver Level SAFe Partner. For more than 12 years, AttainX, Inc. has delivered emergent technologies, software products, and high-quality services that meet the needs of our Federal Government customers.

 

The last 3 years have shown significant company growth as we have increased our contracts portfolio and hold the “Best in Class” contract vehicles, GSA MAS and OASIS Small Business and 8(a) Pools 1, 2 and 3. In addition, we are prime on several Agency Specific IDIQs and BPAs with the National Oceanic and Atmospheric Administration, Department of Energy, Navy, Health and Human Services and the Defense Intelligence Agency.

 

AttainX is dedicated to quality and best practices for the services we provide. We understand our people are the key ingredient to ensuring our customers’ mission and goals are met with excellence.

Benefits  

We are proud to offer competitive compensation and benefits packages to include paid vacation, medical, dental, vision, matching 401K plan, tuition/training reimbursement, and Long & Short-Term Disability. 

EEO Commitment:

AttainX is an equal employment opportunity/affirmative action employer. We are committed to providing a workplace that is free from discrimination based on race, color, ethnicity, religion, sex, national origin, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, pregnancy, genetic information, or any other status protected by applicable federal, state, local, or international law. These protections also extend to applicants. Follow the links below to find out more.

EEO is Law Poster

EEO is Law Supplement

Pay Transparency Nondiscrimination Provision

Accommodations:

If you are an individual with a disability and would like to request a reasonable workplace accommodation, please send an email to Human Resources. Indicate the specifics of the assistance needed.

Physical Demands:

Sitting and working on a computer for long, continuous periods each day; effective communications by telephone, email, and face-to-face; standing, walking, and sitting; handling and feeling objects or controls; reaching; talking and hearing; lifting and/or moving up to 10 pounds; and specific vision abilities including close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust and focus.

Work Environment: The noise level in the work environment is usually moderate.

Category: Analyst Jobs

Tags: CGRC Clearance Compliance CompTIA Computer Science Governance Government agency Incident response Mathematics Monitoring NIST NIST 800-53 POA&M Risk assessment Risk management Security+ Security assessment Security Clearance SharePoint Splunk System Security Plan Vulnerabilities

Perks/benefits: 401(k) matching Career development Competitive pay Health care Startup environment

Region: North America
Country: United States
