Classified Cybersecurity Analyst – Polygraph

Classified Cybersecurity Analyst – Polygraph

Requirements

• Master’s degree with 0 years of relevant technical experience; OR a Bachelor’s degree with 2 years of relevant technical experience; OR an Associates degree with 4 years of relevant technical experience; OR a High School Diploma/GED with 6 years of relevant technical experience is required
• Must have a DoD 8570 IAM level I (or higher) security certification (examples: Security+ CE)
• Candidates must have a current DOD Top Secret/SCI level security clearance to include a current and recent Full Scope Polygraph (adjudicated within the last 5 years) in order to be considered
• Candidates must have the ability to obtain, and maintain, access to Special Programs as a condition of continued employment
• Master’s degree with 3 years of relevant technical experience; OR a Bachelor’s degree with 5 years of relevant technical experience; OR an Associates degree with 7 years of relevant technical experience; OR a High School Diploma/GED with 9 years of relevant technical experience is required
• Must have a DoD 8570 IAM level II (or higher) security certification (examples: CAP, CASP CE, CCISO, HCISPP, CISM, GSLC, CISSP-Associate, or CISSP)
• Candidates must have a current DOD Top Secret/SCI level security clearance to include a current and recent Full Scope Polygraph (adjudicated within the last 5 years) in order to be considered
• Candidates must have the ability to obtain, and maintain, access to Special Programs as a condition of continued employment

Responsibilities

• Perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy
• Establishes strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems
• Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits
• Assist in the implementation of the required government policy, make recommendations on process tailoring, participate in and document process activities
• Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards
• Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports
• Document the results of Certification and Accreditation activities and technical or coordination activity and prepare the system Security Plans and update the Plan of Actions and Milestones POA&M
• Periodically conduct a complete review of each system’s audits and monitor corrective actions until all actions are closed

Preferred Qualifications

• The ideal candidate will have a Bachelor’s degree in Cybersecurity, a CISSP, and 6 years of experience with Certification & Accreditation of classified systems and eMASS/Risk Management Framework in a classified environment
• Knowledge of ACAS, NESSUS, SPLUNK, SCAP, POA&Ms, NIST, DIACAP, NISPOM, system audits, vulnerability scanning, and RMF package development preferred
• Experience with analyzing enterprise level security tools, focused on vulnerability and configuration applications, and audit analysis using SEIM applications, Trellix/McAfee, and Rapid 7
• Experience with gathering Body of Evidence (BoE) and analysis of various tools or raw logs
• Experience working with the NIST 800 series and other NIST documentation
• Experience with creating and analyzing reports from various security tools
• Experience with Risk Management Framework (RMF), Security Technical Implementation Guide (STIG) and requirements development to ensure regulatory compliance
• Accreditation functions, including documentation, scanning, assessment, POAM management, through all steps of the RMF
• Capable of assessing the Program system security posture in accordance with customer requirements / directives
• Familiarity and understanding with researching and evaluating CVE/CVSS to identify, assess, and manage risk from threats and vulnerabilities
• Experience with Atlassian products to include Confluence and JIRA to track projects and tasks
• Experience working on a multidisciplinary team and writing technical documents
• Excellent communication, interpersonal skills, and the ability to interface with all levels of employees and management