Seeking a Cybersecurity Analyst to lead system Assess and Authorize (A&A) activities related to the sustainment of U.S. Army Defense Business Systems. The Cybersecurity Analyst will execute duties supporting the Risk Management Framework (RMF) 2.0 lifecycle culminating in successful Authority to Operate (ATO) decisions. Work location is client site, Fort Belvoir, VA.

Note: Telework will be acceptable with the requirement to visit client offices at Fort Belvoir, Virginia at least once per week.

• Lead the development, review and management of system Assess and Authorize documentation to ensure compliance with RMF 2.0 standards. Administer mission assurance planning and implementation following DoDI 8500.2 and DoDI 8510.
• Perform Risk Management and testing in accordance with authoritative policies and standards to maintain the information system security posture.
• Maintain system accreditation status, develop reports, and alerts for system proponents when accreditation documentation must be updated.
• Prepare, distribute, and maintain plans, instructions, guidance, policies, and standard operating procedures (SOPs) in accordance with Army and DoD policies and initiatives for the security of information systems, access control and authentication of users and transmitted information.
• Review and evaluate system and network changes for cybersecurity impact on confidentiality, integrity, availability, and overall system security posture.
• Conduct program oversight, including on-going monitoring and periodic auditing of systems and systems operations. Develop, recommend, and implement incident response procedures and technologies to identify, assess, and ensure the appropriate response to threats and vulnerabilities. Proactively monitor patch publishing and communicate to appropriate stake holders for further steps.
• Lead, support, and/or facilitate security assessments of new or modified hardware, operating, systems, and software applications ensuring integration with DoD Cyber Security requirements.
• Function as a subject matter expert (SME) and point of contact for SAP security related cyber security matters including research emerging and existing threats and vulnerabilities, design and develop robust plans to protect existing SAP assets, monitor security posture of systems and recommend preventive measures to deter external and internal harmful activities for all SAP systems and databases (including HANA).
• Develop the security assessment report (SAR) for the network enclave. Responsible for the adequate assessment of all identified risk(s) and the generation of a mitigation plan for the PEO EIS Cyber Security Office to receive an accreditation decision for all information systems. Evaluate and ensure security threats are mitigated, remediated, or waived per IAW DoD guidelines.
• Conduct analysis of security incidents (i.e., Phishing, malware, account access compromises, and network intrusions). Perform investigations of unauthorized disclosure of Personal Identifiable Information. Report findings and provide status to senior leadership. Perform escalations to the Regional Computer Emergency Response Team (RCERT) when required.
• Serve as a member the Continuity of Operations (COOP) Disaster Recovery Team during COOP exercises supporting the security engineering mission essential functions (MEF) at the alternate site.
• Work with the audit readiness review team to develop Continued Plan of Action and the continuous review of the Plan of Actions and Milestones (POA&Ms). Develop corrective measures for identified defects and incorporate to ensure timelines are adhered to.
• Coordinate with Splunk administrators in improve existing rule sets, define new rule sets, and monitor log files.  
• Review vulnerability scans for Information Assurance (IA) compliance as needed and ensure periodic audits are conducted.
• Acknowledge and track Information Assurance Vulnerability Management (IAVM) notices and create POA&Ms.

Required:

• Bachelor’s degree, or equivalent experience
• Must possess Security + Certification.
• SAP experience
• DoD 8570 IAM Level III certification (Certified Information Systems Security Professional (CISSP) (or Associate), Certified Information Security Manager (CISM), Global Information Assurance Certification Security Leadership Certificate (GSLC), Certified Chief Information Security Officer (CCISO) or equivalent).
• Must possess and maintain an active Secret Clearance.
• 7 - 10 years demonstrated experience designing, implementing, and monitoring cybersecurity solutions  
• 3 - 5 years demonstrated experience with Risk Management Framework 2.0 and the Enterprise Mission Assurance Support Service (eMASS).
• Familiarity with the Federal Information System Controls Audit Manual (FISCAM) and RMF controls utilizing the Committee on National Security Systems (CNSS) Instruction 1253 Security Controls Assessment Procedures pursuant to National Institute of Standards and Technology (NIST) Special Publication 800-53
• Experience with performing scans and / or analyses using automated tools, such as, the Security Content Automation Protocol (SCAP), the Assured Compliance Assessment Solution (ACAS), the Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG), STIGViewer, eMASSTER, and other DoD approved vulnerability scanning assessment tools.

Desired:

• AWS cloud experience
• Agile Certifications
• SAP Experience
• Information Assurance Security Officer (IASO) Certification
• Experience working for/within Army and/or DoD organizations either as military personnel, government civilian, or as a contractor supporting the Army.
• Experience with ServiceNow
• Certification in Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP)
• Experience administering Host Based Security System (HBSS) and / or Army Endpoint Security Solution (AESS).
• Familiarity with security configuration of Windows and Linux operating systems
• Familiarity security configuration of HANA and Oracle databases