Cybersecurity Assurance Analyst
Washington D.C. metropolitan area | Telework – 20 to 40% per week
We need an emerging Cybersecurity Assurance Analyst who will bring high energy to a growing portfolio of federal projects, ranging from security policy and cybersecurity strategy to advanced engineering. You will support operations, consult with and advise executives, and drive initiatives to improve our client's enterprise security posture. You will also support the cybersecurity service line growth strategy, bring exceptional people skills, and develop the in-depth customer knowledge and relationships that ultimately result in new growth.
This is a unique opportunity for a polished, emerging cybersecurity professional to launch their career upwards.
Specific position duties may include, but are not limited to, support of the following:
- Assess the current state of the Information Assurance (IA) Program, identify areas for improvement, and execute approved recommendations;
- Conduct Security Assessment and Authorization (SA&A) for systems, to include: System Security Plan; Business Impact Analysis; Risk Assessment; Contingency Plan; Incident Response Plan; Security Test and Evaluation (Plan and Results); Plan of Action and Milestones (POA&M); Certification Statement; and Accreditation Statement;
- Provide expertise and support for annual assessments, contingency plan exercises, and incident response plan exercises as part of the SA&A continuous monitoring phase;
- Provide IA guidance and support for the IT Modernization program;
- Provide IA support in maturing and maintaining the Change Management program;
- Develop and provide guidance regarding cybersecurity policies, procedures and best practices for software development life cycle (SDLC), DevOps, networking, and server management;
- Support and manage Education, Training (general and specialized), and Awareness (ETA) initiatives for staff with cybersecurity responsibilities;
- Develop and monitor corrective action plans in conjunction with Project Managers for POA&M remediation activities;
- Provide support for implementation of, and compliance with, agency and other Federal initiatives such as the Federal Risk and Authorization Management Program (FedRAMP); the Cybersecurity Workforce Assessment Act (including the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework); the Cybersecurity National Action Plan (CNAP); the Federal Data Center Optimization Initiative (DCOI); Federal Identity, Credential, and Access Management (ICAM); Internet Protocol version 6 (IPv6); and future memorandums, orders, directives, laws, or policies; and
- Provide support, as directed by the Information System Security Manager (ISSM), to the Community concerning Information Assurance policies, processes, and procedures, and perform other activities relating to the Information Assurance program as directed by the ISSM and/or Indev's Senior Director, Cybersecurity.
Configuration Management / Vulnerability Management
- Manage baseline configurations using Departmental configuration management enterprise tools, initiate security remediation efforts in coordination with the other support staff, and provide reports on compliance and security posture;
- Evaluate new software requests for security considerations and compliance with Federal regulations and guidance;
- Analyze change requests for security risks, interdependencies with other changes, and impact to other systems;
- Perform regularly scheduled vulnerability scans and provide a variety of reports, to include: system-level vulnerabilities, remediated vulnerabilities, and new versus existing vulnerabilities; and
- Recommend efficiencies or best practices.
Incident Response / Security Scanning
- Analyze daily security scans and coordinate with system teams for mitigation;
- Update the scanning list as needed and analyze false positives;
- Schedule code and system scans with System Owners, analyze results, and work with system teams for mitigation; and
- Provide incident response support on a rotating schedule, including communication, coordination, and notification of the SOC and other appropriate stakeholders.
Privacy
- Provide expertise and support for review and updating of privacy threshold assessments (PTAs), privacy impact assessments (PIAs), and system of records notices (SORNs);
- Provide support in reporting and responding to privacy incidents;
- Recommend efficiencies or best practices; and
- Perform other activities relating to the Privacy program as directed by the Privacy Officer.
Qualifications
- Master's Degree in Business, Engineering, or Science with at least two (2) years of experience in cybersecurity and federal information security; or twelve (12) years of related experience in solution implementation consulting, including three or more (3+) years of experience in cybersecurity and federal information security;
- Strong knowledge of FISMA and NIST guidance;
- Demonstrated experience with a broad array of cybersecurity tools and technologies; and
- Security certification; CISSP preferred.