Cyber Security Analyst
United States
Unissant
Mission-focused, data-driven. Federal agencies turn to Unissant for our expertise in AI, advanced analytics, digital excellence, and cybersecurity solutions.Unissant, Inc. delivers innovative capabilities to the agencies that keep our nation healthy and safe. We apply our domain expertise, data acumen, and technology know-how to achieve breakthrough results for our clients. Working collaboratively, we advance missions and careers through a focus on honesty, integrity, and dependability. We continuously look for talent excited to join that effort. To learn more about our exciting organization, please visit us at www.unissant.com.
We are seeking a Cyber Security Analyst to join our team and support our customer.
The Cyber Security Analyst will support the Information System Security Manager (ISSM) in cybersecurity matters by providing analytic and technical advice to support DoD Cybersecurity policies & activities (e.g. DoDI 8510.01, Risk Management Framework (RMF), DoDI 8582.01 Security of Unclassified DoD Information on Non-DoD Information Systems).
Essential Duties and Responsibilities:
- Assist the ISSM with development, review and management of Cybersecurity documentation (e.g. System Authorization Plans, Categorization Memos, Plan of Action and Milestones (POA&M), hardware & software lists, boundary diagrams), and work with the vendors to ensure compliance requirements are met with the focus of achieving Authorization to Operate (ATO) for all packages.
- Assist the ISSM in ensuring compliance with 8582.01 controls to make certain system remains in a secure state throughout the system lifecycle.
- Assist the ISSM in confirming the validity of hardware and software lists, architecture diagram and resolution of findings through remediation/mitigation statements in the system POA&M to ensure system remains in a secure state throughout the system lifecycle.
- Work with the ISSM to assess configuration changes and to determine overall impact to the security posture of the system.
- Work with the ISSM to analyze system administrator generated vulnerability scans from various tools (e.g. Automated Compliance Assessment Solution (ACAS), Host Based System Security (HBSS), Security Content Automation Protocol (SCAP), Nessus) and review Security Technical Implementation Guides (STIGS) and checklists to provide vulnerability assessments at the system level.
- Utilize reporting tools (e.g. Enterprise Mission Assurance Support Services (eMASS) and Continuous Monitoring and Risk Scoring (CMRS)) for the documentation and evidence of assessment results for each system.
- Perform other duties as required by management
Work Experience:
- DoD-approved cybersecurity workforce certification per DoD 8570.01-M (e.g. CISSP, CISA, CASP CE) and five or more years cybersecurity experience.
- Experience assessing new security laws, policies, and standards in the federal government to determine program-level impact.
- Technical knowledge of National Institute of Standards and Technology (NIST), Risk Management Framework (RMF), Federal Risk and Authorization Management Program (FedRAMP) with a solid understanding of cloud deployment, security policy requirements and assessments, and service models as defined by the NIST.
- Understanding of IP networking, networking protocols and security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists.
- In depth knowledge of security hardening, assessment and reporting tools (e.g. HBSS, ACAS, SCAP etc.) with the ability to assess and provide appropriate feedback for external audits and remediation plans.
- A solid understanding of Microsoft Office suite, especially Word
Job Skills:
- Strong IT skills and knowledge including hardware, software and networks
- Meticulous attention to detail
- Ability to use logic and reasoning to identify the strengths and weaknesses of IT systems
- A forensic approach to challenges
- A deep understanding of how hackers work and ability to keep up with the fast pace of change in the criminal cyber-underworld
- Ability to seek out vulnerabilities in IT infrastructures
- Excellent report writing and communication
- The ability to work well independently or with a team
- Capable of meeting deadlines
Education:
- Bachelor's Degree is required
Certificates, Licenses and Registrations:
- DoD-approved cybersecurity workforce certification per DoD 8570.01-M (e.g. CISSP, CISA, CASP CE) required
- This position requires the candidate to be an United States Citizen and capable of obtaining an IT-2 position of Public Trust
Communication Skills:
- Excellent verbal and writing skills
- Demonstrated experience communicating effectively across internal and external organizations
Travel:
- Willing to travel occasionally as needed (local area travel may be required weekly)
Environmental Requirements:
- Mainly sedentary; in an office environment
- May be required to lift up to ten (10) pounds
- Flexible in working extended hours
The above statements are intended to describe the general nature and level of work being performed by the individual(s) assigned to this position. They are not intended to be an exhaustive list of all duties, responsibilities, and skills required. Unissant management reserves the right to modify, add, or remove duties and to assign other duties as necessary. In addition, where applicable and available, reasonable accommodation(s) may be made to enable individuals with disabilities to perform essential functions of this position.
Please note: Candidate(s) will be required to go through pre-employment screening.
Unissant, Inc. is a proud Equal Opportunity Employer! (EOE; M/F/Disability/Vets)
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: ACAS Audits Automation CASP+ CISA CISSP Cloud Compliance DNS DoD DoDD 8570 eMASS Encryption FedRAMP Firewalls Monitoring Nessus NIST PKI POA&M Risk management RMF SCAP STIGs VPN Vulnerabilities Vulnerability scans
Perks/benefits: Flex hours
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.