AOS Cyber Risk Management Analyst

Company Description

ANALYGENCE, Inc. (ANALYGENCE) is a Disadvantaged, Veteran-Owned professional services small business established in 2010 on the principle of providing our customers with results driven professionals that understand the dynamic customer environment and can be relied upon to help them achieve their objectives. ANALYGENCE works with customers to develop and execute innovative strategies to improve processes and achieve customer goals.  Our people are service-oriented professionals with varying military, government and industry backgrounds, who understand the level of commitment and flexibility it takes to progress customers forward in a dynamic work environment. We cater to the specific needs of each individual customer to help them lay out a path for success.

Job Description

ANALYGENCE will be providing support to Headquarters Air Combat Command (HQ ACC) at Langley Air Force Base, Virginia. Support includes a full range of Information Warfare training and operations, Information Systems & Operations, Communications, Administrative Support, and Knowledge Based Services across the air, space, and cyber domains. 

The AOS Cyber Security/Risk Management Support role will provide provide AOS proper implementation and sustainment of DoD cybersecurity and Risk Management Framework (RMF) requirements and authorization to operate for AOS unique software.

• Develop and Maintain Security Plan for AOS Domain Enclave of the Air Force Enterprise
• Develop a Security Assessment Plan for AOS domain enclave of the Air Force Enterprise within Enterprise Mission Assurance Support Service (eMASS), describing the objectives of the security control assessment and providing a detailed roadmap for performing the assessment, to include:           
  • AOS System Security Plan
  • Security Assessment Report
  • Risk Assessment Report (RAR)
  • Up-to-date POA&M 
• Monitor and track execution of POA&M for AOS in order to identify and monitor corrective action for weaknesses and deficiencies found during security assessment.
• Perform required cybersecurity analyst (CSA) RMF process steps for the AOS domain enclave of the Air Force Enterprise (CARP/ADIS), to include: Categorize System, Select Security Controls, Implement Security Controls, and Assess Security Controls.  Review and adjudicate system security categorizations decisions for the AOS as well as final security control sets.  
• Review the Security Plan and System Level Continuous Monitoring Strategy for the AOS domain enclave of the Air Force Enterprise. 
• Provide guidance to AOS on RMF processes and procedures for the AOS domain enclave of the Air Force Enterprise.
• Categorize and Describe Information Systems in the following Capacities:
• Categorize Information System – Categorize the information system and document the results of the security categorization in the security plan.
• Provide guidance to AOS Stakeholders on the RMF assessment process.
• Support AOS in embedding cybersecurity and the Risk Management Framework actions and checkpoints into the appropriate point in the AOS System Life Cycle (SLC) Management Policy; develop tools, procedures and templates to support CS and RMF execution under the SLC.
• Submit status reports on open action items (to include projected completion dates), issues/concerns and lessons learned. Reports are to be provided by the 10th of each month
• Perform all required CSA RMF process steps for the AOS domain enclave of the Air Force Enterprise, to include: Categorize System, Select Security Controls, Implement Security Controls, and Assess Security Controls.
• Assess approved technical and non-technical security features of AOS domain enclave of the Air Force Enterprise to address known threats and vulnerabilities. The assessment must consider and identify impacts as well as consideration of existing risk mitigation strategies.
• Act as an independent and impartial assessor to determine and certify aggregate cybersecurity risk for recommendations for AOS domain enclave of the Air Force Enterprise
• Complete Checkpoints (as described in Appendix K of Risk Management Framework Process Guide, Version 2.0, 4 August 2017) for the CARP/ADIS and provide recommendations for the Security Assessment Plan, ensuring all appropriate security controls will be assessed for compliance.
• Provide quality assurance of an RMF Security Assessment Plan related to cybersecurity risk for the AOS domain enclave of the Air Force Enterprise.

Qualifications

• Must have current Secret eligibility.
• Minimum 3 years of experience in cybersecurity documentation and system authorization artifacts (System Security Plan, lifecycle documentation, continuous monitoring plan, Security Assessment Plan, Security Assessment Report, Risk Assessment, etc.).
• Possess Information Assurance Management (IAM) level III (DoD 8570.01). It is desired that the contractor possess the Certified Information Systems Security Professional (CISSP) status. However, any of the other DoD-approved IA management level III baseline certifications are suitable for this task.
• Knowledgeable in DoD Information Assurance Certification & Accreditation Process (DIACAP), RMF and NIST experience in security control assessments and risk assessments. 
• Possess strong technical writing skills.

Additional Information

ANALYGENCE, Inc. is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decision without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class.