Cybersecurity IV&V Analyst

Have you ever wanted to be part of a world class engineering firm that manages to impact critical missions, while still maintaining a culture where engineers and professionals stand out and get to show off their individual skills and expertise?

Our client is a mid-sized engineering firm with more than 45 years of experience successfully supporting a large variety of Department of Defense and other government agencies' missions, mostly involving aspects of national security.

Cybersecurity IV&V Analyst

The overall effort supports Joint Staff (JS) J6, Cyberspace Division (Pentagon). The position will serve as an IT Security Assessor in support of the JS IV&V efforts using automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess security vulnerabilities and deficiencies of JS information systems to include enclaves, networks, applications, services, software, and Platform IT (PIT).

*Clearance Requirement:Active DoD Top Secret with SSBI or a Tier 5 background investigation

Responsibilities

• Coordinate with the appropriate joint directorate (JDIR) information security officer (ISO) or Program Manager (PM) to identify appropriate information system security manager (ISSM), information system security officer (ISSO), and other points of contact to obtain required artifacts for evidence, examination, and inspection before, during and post assessments.
• Conduct in-depth vulnerability assessments and asset information system auditing (e.g., servers, workstations, network appliances, storage devices, and applications), review security controls and configurations, and validate if security objectives and goals are met, and, where applicable, review compliance requirements and best practices.
• Request a plan of actions and milestones (POA&M) and vulnerability scan results/documentation and will review and request system owner inputs for unmitigated exploitable items over 21 calendar days old.
• Produce Security Assessment Plans (SAPs) for government approval prior to the assessment, record findings during the assessment, and produce a Security Assessment Report (SAR) for the JS SCA and AO following the assessment period.
• Assess the compliance, effectiveness, or changed state of security controls protecting the JS owned or operated portion of the DoD Information Network (DoDIN) and separately operated ISs.
• Assess STIG checklists for accuracy and assist system owner/ISSM in importing validated scans to eMASS and linking to applicable security controls.
• Complete 100% accurate IV&V inspections as attested to by an ISSM SAR review for RMF Step 4 assessments, and assessments IAW NIST guidance for JS authorized systems in continuous monitoring.
• Provide a written Security Assessment Plan (SAP) documentation prior to each independent security control assessment.

Qualifications

Required:

• Minimum of 5-7 years of task related experience.
• Appropriate Cybersecurity workforce certification(s) at the IAM II/IAT-III level.
• NIST and Risk Management Framework experience.
• Active Top Secret clearance with a Tier 5 background investigation or SSBI.
• CISSP and Certified Authorization Professional (CAP).

Preferred:

• Bachelor's degree from an accredited college in Engineering, Computer Science, or Cybersecurity is preferred.