Senior Cyber Security Analyst

Job ID 18-00308

Industry Computer/IT

Job Type Contract

Location Arlington, VA


Candidates must have active Dept of Defense Top Secret Clearance


a. An ITIL 2007/2011 Foundation Level Certification
b. Information Assurance Management (IAM) or Information Assurance Technical (IAT) Level II


Job Description
The Senior Cyber Security Analyst is responsible for all areas of IT cybersecurity and in assisting the ARNG NCR DOIM in managing the risk of operating a network including the Command Cyber Readiness Inspection (CCRI) and Certification and Accreditation (C&A) support and tracking.
The Senior Cyber Security Analyst is responsible for ensuring the following aspects of Cyber Security: 
- Physical, personnel, facility, information systems, through policies and controls IAW Army Regulations, Department of Defense (DoD) Directives and Instructions.  
- Manage information security risks and report findings to the Government.  
- Develop and maintain an OPSEC Standing Operating Procedure (SOP)/Plan.  The Senior Cyber Security Analyst will become OPSEC Level II certified.
- Maintain ARNG NCR DOIM IT infrastructure in a manner compliant with Federal Information Security Management Act (FISMA), DoD Risk Management Framework (RMF) and National Institute of Standards and Technology (NIST) guidance.  
The Senior Cyber Security Analyst will 
- Ensure that ARNG NCR DOIM LAN and its management systems are compliant with all Information Assurance Vulnerability Alerts (IAVAs).
- Conduct weekly Assured Compliance Assessment Solution (ACAS) scans and remediate vulnerabilities according to SLA.
- Ensure appropriate Secure Technical Implementation Guidelines (STIG) are maintained 
- Review Host Based Security Solution (HBSS) and Tanium reports for end point security compliance. Remediate identified vulnerabilities as required.
- Track Information Assurance Vulnerability Management (IAVM) compliance.
- Create Plans of Action & Milestones (POA&M) for identified vulnerabilities.
- Report ARNG NCR DOIM security compliance to higher level authorities and/or reporting structures.
- Maintain the Information Security Plan.
- Support and validate access requests for ARNG NCR DOIM network access and Managed services through Service Operations.
- Provide consultation on Cybersecurity perspectives for proposed changes, initiatives, and projects.
- Maintain and draft memorandums for record, system interconnection agreement, and/or equivalent to document all system connections to ARNG NCR DOIM networks.
- Validate ARNG NCR DOIM managed assets are in compliance with Army Gold Master configuration, NSA Configuration Guidance and NIST Configuration Guidance through coordination with Asset Management.
The Senior Cyber Security Analyst will support C&A activities including:
- Ensure the ARNG NCR DOIM complies with the Tenant Security Plan (TSP) for the ARNG portion of DODIN-A NIPR and SIPR in support of the ARNG Authority to Connect (ATC) and Authority to Operate (ATO). 
- Test the security technical controls for the ARNG NCR DOIM LAN.
- Conduct an internal review and execute all checks and tests in accordance with RMF. 
- Develop a Security Test and Evaluation (ST&E) Test Plan that addresses all the requirements identified in NIST SP 800-53 and the appropriate DoD, Army, and ARNG information system security testing requirements. 
The Senior Cyber Security Analyst will support the CCRI process including:
- Ensure ARNG NCR DOIM compliance with all applicable CCRI requirements (e.g. Technical, CND Directives, Contributing Factors, etc.). Report status, findings, and results.
- Provide support to the CCRI assessment team during scheduled and unscheduled inspections.
- Track CCRI findings through POA&Ms and report status during MPSRs.
- Support post-CCRI finding remediation. Assist with the planning, execution, and documentation of CCRI finding remediation activities.


Required Qualifications and Skills:

It is required that the Senior Cyber Security Analyst have the qualifications and certifications listed below:  
- An IAM Level III Certification – one or more of the following current certifications
o    GSLC – GIAC Security Leadership Certification
o    CISM – Certified Information Security Manager
o    CISSP – Certified Information Systems Security Professional (or Associate)
- An IAT Level II Certification – one or more of the following current certifications
o    GSEC – GIAC Security Essentials Certification
o    Security + – CompTIA Security +
o    SSCP – ISC Systems Secured Certified Practitioner 
- ITIL 2007/2011 Foundation Level Certification.
- All applicants must be a U.S. Citizen, and have current security (SSBI) clearance eligibility with full collateral investigation with sensitive compartmented information, day one and prior to entry on duty. 

Desired Qualifications and Skills:
It is desirable that the Senior Cyber Security Analyst has the following qualifications as a contract Senior Cyber Security Analyst:
- Experience managing and using the Cyber tools used at the DOIM.
- A relevant educational degree in one of the follow fields: Computer Science, Information Systems, Information Technology, Cyber Security, Statistics, Business Administration, Systems Engineering, Computation Science, Computer Engineering, Electrical Engineering, Data Analytics, Information Technology, Information Security and Assurance, Mathematics, Software Engineering, Systems Engineering, or Telecommunications