Cybersecurity Certification and Accreditation Analyst [JOB ID: 20250128]

Phoenix Cyber is looking for a Cybersecurity Certification and Accreditation Analyst to join our client delivery team. This is a remote, work-from-home position with the possibility of minimal travel within the continental United States.

Qualifications

• Bachelor's Degree in technical discipline or equivalent and 5+ years related experience.
• 5 years of relevant Risk Management Framework (RMF) and NIST C&A experience
• DOD cybersecurity experience
• 3+ Years of experience with Enterprise Mission Assurance Support Service (eMASS)
• DOD Secret Clearance
• Experience in assessing security controls and conducting authorization reviews for large, complex organizations
• 5+ Years of experience producing and maintaining DoD Certification & Accreditation Packages (DIACAP) or RMF package development and submission
• 5+ Years of experience understanding and implementing DoD, DISA, Joint Staff, CNSSI and NIST cybersecurity instructions, publications and policies
• 5+ Years of experience in understanding and validating NIST 800-53 Security Controls; CNSSI 1253 Security Controls and Overlays
• Demonstrated knowledge of Cyber Security and enterprise cyber security solutions.

Responsibilities

• Responsible for all application security controls, RMF compliance, and Authority to Operate
• Key to the success of this position is the successful delivery of projects and effective communication to all levels of staff for reporting project status
• The analyst will serve as a Subject Matter Expert (SME) in cybersecurity, ensuring that all information systems are authorized in compliance with established policies and procedures
• This position is critical in evaluating security controls and determining the severity of vulnerabilities, as well as briefing senior management on the progress of information systems undergoing the authorization process
• Serves as a cybersecurity Subject Matter Expert (SME) with regards to the authorization of information systems and all associated cybersecurity policies and procedures
• Fully versed in the general tenets supporting the overall DOD implementation of its authorization process, to include supporting cybersecurity policy, procedures and processes
• Performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization
• Possess an understanding of how the security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization's IT infrastructure
• Conducts accurate evaluation of the level of security required
• Possess an understanding of how the security controls identified in the NIST 800-53 and NIST 800-82
• Determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control), and determines the possible ramifications on the system's current or future authorization
• Required to brief senior management on the progress or results of an information system undergoing the authorization process
• Experience utilizing DoD tracking systems to input/document cybersecurity deficiencies, vulnerabilities, and change requests in the appropriate tracking system for each program, e.g., Jira, HP ALM, and eMASS.
• Expertise in implementing, documenting, and maintaining baseline configuration frameworks for a range of IT systems, including operating systems, and applications, with a focus on industry-recognized standards such as CIS (Center for Internet Security) and DISA STIGs (Defense Information Systems Agency Security Technical Implementation Guides)
• Assessing and continuously monitoring cybersecurity risk ensuring that legacy and new capabilities adhere to enterprise standards such as Risk Management Framework (RMF), Cybersecurity Framework (CSF), and National Institute of Standards and Technology (NIST)
• Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness
• Knowledge of audit and assessment activities and processes
• Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously
• Ability to interpret and communicate highly complex technical information clearly and articulately for all levels and audiences

Phoenix Cyber is a national provider of cybersecurity engineering services, operations services, sustainment services and managed security services to organizations determined to strengthen their security posture and enhance the processes and technology used by their security operations team.

Phoenix Cyber is an equal opportunity employer and complies with Executive Order 11246, Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veteran's Readjustment Assistance Act (VEVRAA), all amendments to these regulations, and applicable executive orders, federal, and state regulations. Applicants are considered without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, and/or veteran status.

Phoenix Cyber participates in E-Verify to confirm the employment eligibility of all newly-hired employees. To learn more about E-Verify, including your rights and responsibilities, go to https://www.e-verify.gov/