AOS Cyber Risk Management Analyst
Hampton, VA, United States
Applications have closed
ANALYGENCE, Inc.
Company Description
ANALYGENCE, Inc. (ANALYGENCE) is a Disadvantaged, Veteran-Owned professional services small business established in 2010 on the principle of providing our customers with results driven professionals that understand the dynamic customer environment and can be relied upon to help them achieve their objectives. ANALYGENCE works with customers to develop and execute innovative strategies to improve processes and achieve customer goals. Our people are service-oriented professionals with varying military, government and industry backgrounds, who understand the level of commitment and flexibility it takes to progress customers forward in a dynamic work environment. We cater to the specific needs of each individual customer to help them lay out a path for success.
Job Description
ANALYGENCE will be providing support to Headquarters Air Combat Command (HQ ACC) at Langley Air Force Base, Virginia. Support includes a full range of Information Warfare training and operations, Information Systems & Operations, Communications, Administrative Support, and Knowledge Based Services across the air, space, and cyber domains.
The AOS Cyber Security/Risk Management Support role will provide provide AOS proper implementation and sustainment of DoD cybersecurity and Risk Management Framework (RMF) requirements and authorization to operate for AOS unique software.
- Develop and Maintain Security Plan for AOS Domain Enclave of the Air Force Enterprise
- Develop a Security Assessment Plan for AOS domain enclave of the Air Force Enterprise within Enterprise Mission Assurance Support Service (eMASS), describing the objectives of the security control assessment and providing a detailed roadmap for performing the assessment, to include:
- AOS System Security Plan
- Security Assessment Report
- Risk Assessment Report (RAR)
- Up-to-date POA&M
- Monitor and track execution of POA&M for AOS in order to identify and monitor corrective action for weaknesses and deficiencies found during security assessment.
- Perform required cybersecurity analyst (CSA) RMF process steps for the AOS domain enclave of the Air Force Enterprise (CARP/ADIS), to include: Categorize System, Select Security Controls, Implement Security Controls, and Assess Security Controls. Review and adjudicate system security categorizations decisions for the AOS as well as final security control sets.
- Review the Security Plan and System Level Continuous Monitoring Strategy for the AOS domain enclave of the Air Force Enterprise.
- Provide guidance to AOS on RMF processes and procedures for the AOS domain enclave of the Air Force Enterprise.
- Categorize and Describe Information Systems in the following Capacities:
- Categorize Information System – Categorize the information system and document the results of the security categorization in the security plan.
- Provide guidance to AOS Stakeholders on the RMF assessment process.
- Support AOS in embedding cybersecurity and the Risk Management Framework actions and checkpoints into the appropriate point in the AOS System Life Cycle (SLC) Management Policy; develop tools, procedures and templates to support CS and RMF execution under the SLC.
- Submit status reports on open action items (to include projected completion dates), issues/concerns and lessons learned. Reports are to be provided by the 10th of each month
- Perform all required CSA RMF process steps for the AOS domain enclave of the Air Force Enterprise, to include: Categorize System, Select Security Controls, Implement Security Controls, and Assess Security Controls.
- Assess approved technical and non-technical security features of AOS domain enclave of the Air Force Enterprise to address known threats and vulnerabilities. The assessment must consider and identify impacts as well as consideration of existing risk mitigation strategies.
- Act as an independent and impartial assessor to determine and certify aggregate cybersecurity risk for recommendations for AOS domain enclave of the Air Force Enterprise
- Complete Checkpoints (as described in Appendix K of Risk Management Framework Process Guide, Version 2.0, 4 August 2017) for the CARP/ADIS and provide recommendations for the Security Assessment Plan, ensuring all appropriate security controls will be assessed for compliance.
- Provide quality assurance of an RMF Security Assessment Plan related to cybersecurity risk for the AOS domain enclave of the Air Force Enterprise.
Qualifications
- Must have current Secret eligibility.
- Minimum 3 years of experience in cybersecurity documentation and system authorization artifacts (System Security Plan, lifecycle documentation, continuous monitoring plan, Security Assessment Plan, Security Assessment Report, Risk Assessment, etc.).
- Possess Information Assurance Management (IAM) level III (DoD 8570.01). It is desired that the contractor possess the Certified Information Systems Security Professional (CISSP) status. However, any of the other DoD-approved IA management level III baseline certifications are suitable for this task.
- Knowledgeable in DoD Information Assurance Certification & Accreditation Process (DIACAP), RMF and NIST experience in security control assessments and risk assessments.
- Possess strong technical writing skills.
Additional Information
ANALYGENCE, Inc. is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decision without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class.
Tags: CISSP Compliance DIACAP DoD DoDD 8570 IAM Monitoring NIST Risk assessment Risk Assessment Report Risk management Security assessment Security Assessment Report Strategy System Security Plan Vulnerabilities
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Information Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Security assessment-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs
- Open CEH-related jobs