SME Information Security Analyst - TS/SCI Required
(Multiple States)
Full Time | Senior-level / Expert | Clearance required | USD 92K - 171K *
cFocus Software Incorporated
Our exclusive ATO as a Service™ software & expert services automate FISMA RMF & FedRAMP compliance.

Qualifications:
- Active TS/SCI clearance
- 10+ years of proven experience performing security controls.
- Active CASP+, CySA+, or CISSP certification
- Possess excellent verbal and written communication skills; have knowledge, skills, abilities, and experience with common assessment & authorization (A&A) application platforms (e.g. eMASS, CSAM, Xacta is preferred) for performing tasks in Section 6.3, and strong architecture, network and infrastructure security, or next-gen security expertise (agile/hybrid agile, cloud).
- The SME Information Security Analyst must have extensive experience working with various security methodologies and processes, compliance controls related to cloud security, and performing assessments in cloud computing environments; extensive experience providing analysis and trending of vulnerability data from a large number of heterogeneous devices; and expert knowledge in risk and vulnerability management.
- 10+ years of experience with Reverse Engineering, Computer Forensics, Adversarial Emulations, Incident Response, Vulnerability Assessment and Management, Risk and Threat Mitigation, and Penetration Testing
- 10+ years of technical experience using concepts such as SaaS, PaaS, and IaaS
- 10+ years of experience working with AWS, Kubernetes, Docker, Linux, Windows
- Responsible for leading the RMF assessment, authorization, and monitoring steps for systems following NIST and ICD 503 standards and best practices.
- Maintain ongoing knowledge of Federal policies and practices related to cyber security
- Participate in the RMF process providing Authorization and Assessment (A&A) support, including the review of risk trade-off analysis required to recommend risk acceptance and authorization decisions.
- Support all activities to maintain security authorization of each system, which include but are not limited to: monitoring status of POA&Ms until closure, annual assessments, continuous monitoring, and (future) ongoing authorization activities as required by DHS policy.
- Perform impact analysis of the requirements through evidence-based reasoning and risk management needed to create and maintain a defensible security posture for the program.
- The Contractor may be required to perform assessments for two or more different systems simultaneously
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰