Cybersecurity Systems Analyst
Tampa, FL
Applications have closed
FWG Solutions, Inc.
The Cybersecurity Systems Analyst will perform assessment and authorization coordination, advise and assist customers with the risk management framework, as well as develop a plan of action and milestones for resolving network deficiencies within DODI 8510.01 and ICD 503.
Essential Duties & Responsibilities:· Perform assessment and authorization coordination, advise, and assist the customer with Risk Management Framework (RMF) and develops a Plan of Action and Milestones for resolving network deficiencies in accordance with DODI 8510.01 and ICD 503 including, assessing network compliance against controls listed in NIST 800-53 and creating A&A packages· Perform assessment, compliance, and validation of IT systems to support the Cybersecurity program at USSOCOM, its Component Commands, TSOCs, and deployed forces· Execute a comprehensive assessment, compliance, and validation of customer networks to ensure compliance with regulations and security and standards with the end goal is to ensure the integrity of customer systems by identifying and mitigating potential shortcomings and vulnerabilities· Advise USSOCOM, its Component Commands, TSOCs, and deployed forces on network and system risks, risk mitigation courses of action, and operational· Perform security evaluations and vulnerability assessments using the DOD Assured Compliance Assessment Solution (ACAS), Nessus vulnerability scanning tool and Security Content· Automation Protocol tool· Identify applicable STIGs and perform assessments using the Security Content Automation Protocol tool· Liaison with network and system administrators to correct identified deficiencies· Scan (or review scans) for new systems and applications being introduced into the SOF environment, identify issues, and draft certification letters for the government· Liaison with the Site Integration Facility (SIF) to ensure systems and application meet the standards in the DISA Security Technical Implementation Guides (STIG)· Tracks A&A status of SIE governed ISs· Ensures these artifacts and documentation are available in the USSOCOM-chosen automated tool· Advise stakeholders on the adequacy of implementation of cybersecurity requirements· Provide DoD & IC RMF subject matter expertise to USSOCOM, its Component Commands, TSOCs, deployed forces and their delegates, including other Contractors, and assist with the development and execution of the RMF program at USSOCOM, its Component Commands, TSOCs, and deployed forces· Maintain, track, and validate DISN, cloud and DIA connection approval packages, including those from USSOCOM, its Component Commands, TSOCs, and other subordinate organizations· Develop and maintain supporting documentation for new and existing networks, cloud environments, information systems and technologies as they are introduced into the SIE· Develop and review the A&A of SIE networks, cloud environments, systems, services, telecommunication circuits, mobile devices, portable electronic devices, hardware, and software using the DoD & IC RMF to obtain an Authority to Operate (ATO), Interim Authority to Test (IATT), or Authority to Connect (ATC)· Perform risk and vulnerability assessments of IT and IS for authorization; prepare risk assessment reports for submission to the SCA and Authorizing Official/Designated Authorizing Official/Designated Accrediting Authority (AO/DAO/DAA) in accordance with DoD, DIA, USCYBERCOM, USSOCOM,· Component Command, TSOC, and deployed forces’ policies, procedures, and regulations· Assist USSOCOM, its Component Commands, TSOCs and deployed forces with the enforcement of A&A, as well as DoD, DIA, USSOCOM, Component Command, TSOC, and deployed forces’ connection standards for networks and systems· Track and maintain A&A databases, web sites and tools to ensure that networks, systems, and devices are properly documented and managed from a cybersecurity perspective· Track and report to higher headquarters organizations (e.g., USCYBERCOM, DIA) compliance with applicable Cybersecurity regulations and directives · Ensure timely notifications are made to responsible individuals and organizations in order to prevent lapses in accreditations (e.g., 30-, 60-, and 90-day notices).· Develop and maintain an Information Security Continuous Monitoring (ISCM) Plan· Identify, assess, and advise on cybersecurity control compliance and associated risks· Coordinate with USCYBERCOM, DoD, DIA, NSA, DISA, and subordinate organizations to support the resolution of issues with security, A&A, connection approvals, and waiver requests· Perform network, cloud, information systems, hardware, software, and device· security authorization and assessments, as well as the application and execution of policy, including project management support services· Validate the patching of systems, perform validation scanning, develop Plans of Action & Milestone (POA&Ms), and report as directed by applicable policies, procedures, and regulations.· Provide subject matter expertise for COA development and the implementation of Cybersecurity mitigation strategies· Develop and implement required processes, procedures, and capabilities to mitigate vulnerabilities and weaknesses for software and hardware deployment· Identify, implement, and validate continued effectiveness of key performance parameters and applied security measures· Perform analytics on cybersecurity posture and provide reports to the AO/DAO and applicable stakeholders as required per ISCM and AO/DAO direction· Other duties as related to the business functions of FWG Solutions, as assigned
Requirements & Qualifications:Education:· Bachelor’s degree in a related field required· Master’s degree in related field required
Licenses & Certifications:· Active TS/SCI clearance required· DoD Information Assurance Technical (IAT) Level III or DoD Information Assurance Manager (IAM) Level III required
Experience:· Required minimum of ten plus (10+) years of relevant hand-on experience · Experience with the US Combatant Commands (USCENTCOM/USSOCOM) desired· Technical background with system administration experience, architecture and engineering preferred· Technical background in networking, identity management, Microsoft and Linux operating systems, database, and mobility
Skills & Abilities:· Excellent communications skill (written and oral) and interpersonal skills · Working knowledge of the RMF· Knowledge of the Telos Xacta or Enterprise Mission Assurance Support Services (eMASS) system desired· Knowledge and experience with DoD IA processes and policies (e.g., DODI 8510.01, NIST, CNSS and other cybersecurity policies, Chairman of the Joint Chiefs of Staff Manual (CJCSM) 65101.01, Incident Response and other IA policies)· Knowledgeable of cyber network defense tools such as end point security, SIEM, comply to connect, etc.· Superior organizational skills, attention to detail, and ability to prioritize and manage multiple tasks· Must have the ability to interact with senior leaders within the organization· Use of Microsoft Office software applications to include Word, Excel, and PowerPoint Other:· All support shall be performed onsite within facilities provided by USSOCOM, its Component Commands, TSOCs, and deployed forces or other Government-provided or designated facilities, unless otherwise agreed upon by the COR and/or the KOThis opportunity offers career development and growth, competitive compensation, and a robust benefits package with 4 Weeks PTO w/ rollover, 11 paid holidays, company paid events and training, and 401(k) retirement plan with company match. FWG holds multiple government contracting vehicles as a Prime Contractor to include: 8(a) Set-Aside; STARS III; GSA IT-70; Army ITES-3S; and CIO-SP3. FWG Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, national origin, sex/gender, pregnancy, religion, age, marital status, sexual orientation, military/veteran status, disability, genetic information/history or any other personal characteristic protected by law. FWG welcomes all individuals with disabilities and protected veterans to apply for our jobs.
Tags: Analytics Automation Clearance Clearance Required Cloud CNSS Compliance DoD IAM ICD 503 Incident response ISO 27001 Linux Monitoring Nessus NIST Risk assessment Risk Assessment Report Risk management SCAP SIEM TS/SCI Vulnerabilities
Perks/benefits: 401(k) matching Career development Competitive pay Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open Kubernetes-related jobs