Senior Cybersecurity Analyst

Cask is a leading Management Consulting firm specializing in delivering business and technical expertise to clients across commercial and government markets. Join the many happy employees at Cask! We have been named a top 5 firm to work for by Consulting Magazine for 5 of the past 6 years.
Cask is seeking a Senior Cybersecurity Analyst to support the Marine Corps. The ideal candidate will have in-depth experience in analyzing and securing DoD networks, systems and applications for compliance with the Risk Management Framework (RMF) and the supplemental specifications, requirements and policies implemented by the Marine Corps. We value entrepreneurial spirits that maintain a team attitude. A Secret Clearance is required for this position.

Responsibilities

•  Lead a cybersecurity Team and provide support in operational, technical and process of system Assessment & Authorization (A&A) packages, to include development and analysis of required policies and other deliverables as required throughout the RMF lifecycle, to obtain and maintain Authorizations to Operate (ATOs) for assigned DoD programs.
•  Assess A&A packages resulting on documented analysis and recommendation to the SCA and support the SCA in achieving and maintaining ATOs.
•  Provide updated guidance, workflows, reports and risk status associated with the A&A efforts for the review, analysis, and recommendations for target activities to obtain Authorization to Operate (ATO) on the Marine Corps Enterprise Network (MCEN). Must be familiar with the Marine Corps Certification and Authorization Tool (MCCAST).
•  Provide full RMF lifecycle support, including, but not limited to, assistance with system security categorization, system security control selection, tailoring, enhancement, system security control assessments and implementation, artifacts, and continuous monitoring support.
•  Analyze system design, identify risks, document findings, and provide recommendations to senior leadership 
•  Review and analyze third party COTS, Open-Source code/software and web-based systems for enterprise risk, analyze the results and document mitigation recommendations.
•  Review and analyze application and web application penetration testing results and document mitigation recommendations.
•  Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies, trends, and best practices 
•  Maintain awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes
•  Be the forefront lead on A&A issues that may be preventing the system/enclave from receiving an ATO
•  Assess compliance against NIST, DoD, USMC and other security requirements to include the RMF NIST 800-53 security controls and DISA STIGs/SRGs
•  Perform cyber risk assessments on enterprise environments, suppliers, and software to identify cybersecurity risks
•  Independently and collaboratively conduct cybersecurity assessments of suppliers and environments according to prescribed evaluation criteria and/or policies/regulations and deliver within established timeframes
•  Work with the cybersecurity COI to create or update system/site policies, procedures, and process guides
•  Develop, update, and/or review RMF documentation to include Plans of Action and Milestones (POA&Ms) and Risk Assessment Reports
•  Coordinate with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories
•  Lead or attend meetings with stakeholders to discuss statuses of efforts
•  Author, review, and submit cybersecurity documentation for information system authorizations, encryption evaluation, and cybersecurity best practices white papers.
•  Participate in the development, maintenance, and delivery of Cybersecurity Assessment Methodology training. Update competency standards, qualifications framework and assessment guidelines for training on the RMF process.

Requirements

• Required: Active DoD Secret Security Clearance
•  Bachelor of Science degree and six (6) years of experience with Cybersecurity and Information Technology or 12 years of hands-on experience with Cybersecurity / Information Technology. Professional cyber certifications may be considered to meet qualification requirements.
• Working experience in administration of RSA's Archer suite of eGRC software
• Demonstrated excellent verbal and written communication skills
• Knowledge of network security as well as ability to read network security diagrams and data flow charts
• Excellent project and time management skills
• Understanding of critical thinking to solve complex technical problems and devise innovative solutions
• Experience and ability to work well in a remote role/team
• DoD IAM Level III/IAT Level II certification required per the DoD 8140/DoD 8570
• In depth understanding of computer security, military system specifications, and DoD cybersecurity policies
• In depth understanding and experience in Risk Management Framework (RMF), and the implementation of cybersecurity boundary defense techniques
• Strong ability to communicate clearly and succinctly in written and oral presentations

Cask is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, age, status as a protected veteran, among other things, or status a qualified individual with a disability.  EEO/Employer/Vet/Disabled