Senior Cybersecurity Analyst

Senior Cybersecurity Analyst

Location:  Norfolk, VA 

Security Clearance Requirement:  ***This position requires an Active TS/SCI Clearance***

Employment Class:  Full Time Regular

FLSA Classification:  Exempt - Salaried

Position Summary:

Command Cyber Solutions (a federal government contractor) is seeking a qualified Senior Cybersecurity Analyst who will provide operational and maintenance support of Cruise Missile Support Activity Atlantic (CMSA) LANT’s Tactical Network Cybersecurity Functions including: Configuration, STIGing, deployment, and maintenance of servers and workstations within the CMSA LANT Tactical Network Enclaves consisting of two (2) networks, four (4) hypervisors, twelve (12) servers, and forty (40) workstations. The Senior Cybersecurity Analyst will also be responsible for configuring, administering, and maintaining two (2) Endpoint Security servers, two (2) Vulnerability Scanning Virtual servers, two (2) Network Performance Monitor (NPM) virtual servers and Security Incident Event Manager virtual appliances, two (2) Microsoft SQL member servers, two (2) network storage/backup devices, two (2) Windows Security Update Servers, and forty (40) Tactical Support client Windows workstations ensuring at least 99% system availability during each calendar month, excluding scheduled maintenance.
cheduled maintenance.

Essential Duties & Responsibilities:

•    Conduct system backups and data recovery for all required hypervisors, virtual hosts, virtual appliances, application servers, and security logs ensuring daily incremental and weekly image backups are conducted. Data recovery within 24 hours once backup media is provided by government personnel.
•    Recommend and provide analysis, and recommendations to CMSA LANT N6 Leadership on architectural and/or lifecycle improvements to be implemented, to include the time required and any requisite associated estimated cost to implement. 
•    Maintain the systems and applications security integrity, to include but not limited to, maintaining and updating the Certification and Accreditation (C&A) packages and current cybersecurity policy compliance.
•    Maintain Computer Network Defense (CND) compliance in accordance with CMSA LANT’s Cybersecurity/Vulnerability Management Program and manage the Configuration Management (CM) Program comprised of monthly meetings and three to four CM changes per month.
•    Perform routine audits of system and software, perform backups, and restore files.
•    Apply operational system updates, patches, and configure changes.
•    Conduct system performance tuning.
•    Maintain, and troubleshoot databases required for supporting applications.
•    Configure, administer, and troubleshoot endpoint security servers and products.
•    Develop programs/scripts to support process automation as needed.
•    Assist in the coordination and completion of Risk Management Framework (RMF) security packages utilizing Enterprise Mission Assurance Support Service (eMASS) in accordance with Navy Cybersecurity Assessment and Authorization (A&A) requirements. Ensure RMF package is developed in the most efficient/effective manner, compliant with policy/guidance, and milestones are met on time.
•    Review eMASS security controls, analyze existing policies and provide recommendations and revisions needed to meet security requirements.
•    Coordinate with U.S. Fleet Forces Command Package Submission Officers (PSOs) and Navy Qualified Validators with regard to weekly RMF security package updates, task status, completion schedule, and/or control validation plan.
•    Assist with network vulnerability analysis, risk mitigation analysis, and Plan of Action and Milestone (POAM) and security control implementation tracking with RMF security packages utilizing Xacta.
•    Provide day to day support with security package creation, security control assessment, risk assessment, and POAM creation / remediation, and the continuous monitoring requirements for CMSA LANT’s Circuit Package and Tactical Support System Package.
•    Ensure network performance monitoring and security event monitoring system dashboards are available to be viewed in the Network Operations Center during normal business hours.
•    Document the configuration of the servers/networks, including firewall policies/Access Control Lists (ACLs) and IP Ports & Protocols.
•    Write Standard Operating Procedures, as required, for supported systems as detailed above.
•    Document lessons learned during cybersecurity events in order to improve response actions/timelines for future events.
•    Participate in related Defense Information Systems Agency, Naval Intelligence Activity Working Groups, and Naval Cyber Defense Operations Command, including but not limited to Endpoint Security and Vulnerability Scanning to identify and plan for future upgrades of required security capabilities.
•    Coordinate shared tasks with Cybersecurity Systems Administrator.
•    Develop and submit monthly status reports detailing tasks status, milestones achieved, upcoming tasks, any risks or issues, and all other pertinent information.

Education & Experience Requirements:

•    Bachelor's Degree in Computer Science, Information Technology, or a related field; OR AA/AS in related field and twelve (12) years of related experience in lieu of Bachelor Degree
•    At least ten (10) years of experience; OR, in lieu of formal education, fifteen (15) years of experience specifically related to the below qualification requirements
•    Familiarity within the Department of Defense and Department of the Navy Risk Management Framework (RMF) and demonstrated knowledge of creating policies in accordance with NIST 800-53.
•    Experience creating an A&A Security Package and utilizing the Enterprise Mission Assurance Support Service (eMASS) and/or Xacta
•    Experience conducting system / network vulnerability analysis, risk assessment, and risk mitigation analysis
•    Experience implementing the Defense Information Systems Agency published Security Technical Information Guidance (STIG) requirements

Certification Requirements:

•    DOD IAT Level II certification required (one of the following): CCNA Security, CySA, GICSP, GSEC, Security+ CE, SSCP

Security Clearance Requirements:

•    Active TS/SCI Clearance required

Other Requirements:

•    Capable of passing background investigation and periodic drug testing.
•    Fluent in English (reading, writing, speaking, and comprehension).

Knowledge, Skills & Abilities Requirements:

•    Demonstrated knowledge and experience of Cybersecurity Assessment & Authorization (A&A) concepts and requirements
•    Demonstrated knowledge in Security Testing and Evaluations (ST&E)
•    Familiarity with Contingency planning
•    Knowledge of Firewall Policies/Access Control Lists (ACLs) and IP Ports & Protocols
•    Knowledge of virtualization, networking, Windows and Linux Operating Systems, and storage and backup
•    Demonstrated knowledge of DoD C&A procedures.
•    Able to understand, adhere to and enforce corporate values, policies, procedures, and standards.
•    Good interpersonal skills; business writing and oral communication skills.
•    Better-than-average skill in current versions of MS Office (Word, Excel, Outlook)

Working Conditions/Working Environment/Physical Demands:

•    Basic office work environment at military facility location.
•    Work under the primary supervision of Project Manager.
•    Occasionally, project requirements may require temporary adjustment of work hours/days.
•    Duties are subject to change based on the needs of the customer.

#ClearanceJobs

Command Cyber Solutions (CCS) is an equal opportunity employer. In order to provide equal employment opportunities for all applicants and advancement opportunities to all employees, employment decisions at Command Cyber Solutions will be based on merit, qualifications and abilities. Command Cyber Solutions does not discriminate in employment opportunities or practices on the basis of race, color, religion, sex, national origin, age, disability, marital status or any other characteristic protected by law.