Ampersand Solutions Group, Inc. (AMPERSAND) has a requirement for a mid-level Cyber Security Analyst who will provide Risk Management Framework (RMF) and Information System Security Officer (ISSO) support at both classified and unclassified levels to our US Army Threat Systems Management Office (TSMO) customer in Huntsville AL.
SCOPE
The Cyber Security Analyst will support the identification of system vulnerabilities and determine appropriate security controls to mitigate or eliminate risk from the uncovered vulnerabilities. Additionally, the Cyber Security Analyst will be responsible for preparing artifacts and documents to support government Authorization to Operate (ATO) activities.
TECHNICAL REQUIREMENTS
Cyber Security Analyst Duties and Responsibilities:
- Serves as an Information Systems Security Officer (ISSO) and will develop and advise on RMF packages, strategies, and technical components to ensure compliance of NIST 800-53 security controls. Assist in the implementation of the required government policy (i.e., NISPOM, NIST, DoD), and documenting process activities.
- Develop security artifacts to support the Information Assurance program to include System Security Plans (SSP), Plan of Action and Milestones (POA&M), System Diagrams, System User Guides, Privileged User Guides, and other documentation as needed.
- Perform self-assessments of systems and networks within the environment, using passive evaluation audit tools such as: STIG Viewer, SCAP Compliance Checker (SCC), and active evaluations through ACAS/NESSUS.
- Track enterprise reporting and efficiencies through automatic generation of required security compliance reports, integration of security tools, system documentation, and other artifacts utilizing the Enterprise Mission Assurance Support Service (eMASS).
- Track security updates for Windows and Linux-based operating systems, VMWare based products, and associated software applications to ensure compliance.
- Periodically conduct a review of system audits, monitor corrective actions until all actions are closed, and identify deficiencies during RMF assessment activities.
Cyber Security Analyst Requirements and Qualifications
- Minimum 3 years experience with Cybersecurity/Risk Management Framework
- Minimum of an active SECRET security clearance – TOP SECRET preferred
- Working knowledge of cybersecurity technology and DoD/Federal cybersecurity policies (i.e., DoD 8500.01, NIST SP 800-53, etc.).
- Experience utilizing Enterprise Mission Assurance Support Service (eMASS)
- DoD 8570 Information Assurance Technical Level II Certification (Security+) or higher
- Ability to travel up to 15%
Desired
- BS degree in relevant field of study
- Working knowledge of ACAS/NESSUS, SCAP, STIG Viewer/Evaluate STIG tools,
- TOP SECRET / SCI security clearance
- Experience working systems under continuous monitoring