Abacus Technology is seeking a Cyber Security Analyst to support the overall security posture for the Naval Information Warfare Center (NIWC) Pacific. This is a full-time position.
Serve as a Risk Management Framework (RMF) Subject Matter Expert (SME) for all network security architectures, designs, implementations, and operations within NIWC Pacific RDT&E systems, networks, and applications. Provide engineering and technical support for the testing of systems, software, tools and products. Identify operational and functional requirements of new, developing and existing systems and develop a system security approach, which includes but not limited to defining potential threats, vulnerabilities, safeguards, and risk factors. Maintain good standing with the Navy Qualified Validator (NQV) program and serve as an independent validator as defined in the Navy’s RMF Process Guide, applying RMF guidance to Navy or DoD A&A efforts. Support NIWC Pacific with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and RMF implementation. Identify system confidentiality, integrity, and availability weaknesses, and provide corrective recommendations in accordance with NIST Federal Information Processing Standards (FIPS) 199. Utilize Enterprise Mission Assurance Support Service (eMASS). Review security control implementation down to the Control Correlation Identifier (CCI) level for compliance and provide appropriate guidance to customers developing valid mitigation/remediation statements. Develop A&A documentation to include but limited to: system security plans, system categorization forms, contingency plans, configuration management plans, support and sustainability plans, Plans of Action and Milestones (POA&Ms), Cybersafe grading documentation, and formal connection and service agreements. Assist system owners in achieving system authorization by providing validation and guidance on Federal and DoD requirements and maintain a repository of supporting documentation for accreditation/authorization packages. Conduct RMF continuous monitoring, testing and analysis of IA Controls for NIWC Pacific. Conduct continuing requirement analysis using government directed tools such as eMASS, Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS), logging, event and asset aggregation and Government off the Shelf (GOTS) developed tools. Develop security policies, Standard Operating Procedures (SOPs), point papers, waiver requests, and any other security related documentation as determined by the Government. Perform technical risk assessment, analysis of mitigations, and IA controls in support of multiple Change Control Boards (CCBs) and other review bodies. Analyze scan results, Security Technical Implementation Guide (STIG) checklists, system design drawings, the Defense Information System Agency Ports Protocols and Services Management (PPSM) Category Assurance List (CAL), Information Assurance Controls (IAC) in eMASS, and any other available relevant security artifacts in order to make risk assessment and mitigation recommendations to the Government. Assist with monitoring, analyzing, detecting, and responding to Cyber events and incidents. Coordinate with Computer Network Defense (CND) Analysts regarding malicious events detected via HBSS and update incident reports as needed with supplementary HBSS data, to include creating customer-based signatures and analyzing alert data from HBSS to help develop strategies for addressing threats. Understand the Cloud Computing Security Requirements Guide (SRG) and cloud computing industry best practices; and utilize these tools to assist in the evaluation, research and development of IT cloud security risk assessments, security tools, and implementation plans. Evaluate risks associated with extending the network boundary to the cloud. Understand enterprise architecture and design systems as listed in project developed cloud migration plans that fulfill end-user requirements for outcomes, reports, performance, interoperability, and functionality. Assess information security risks to new projects and non-standard IT requests using risk assessment methodologies. Conduct or support validation and verification reviews of IT systems and subsystems against approved plans and architectures, and recommend methods for correcting findings.
2+ years experience in a cyber security or information assurance role. Bachelor’s degree in a related field. Must be certified in compliance with DoD 8570 IAM Level I (such as Cloud+ or Security+ CE). Extensive experience in in Risk Management Framework (RMF) to include performing all of the following: policy development and enforcement; eMASS package development; Assessment and Authorization (A&A) processes; Information Assurance Vulnerability Management (IAVM) and Computer Task Order (CTO) process and reporting; testing and analysis of IA controls and secure configuration using the Assured Compliance Assessment Solution (ACAS); analyzing system configuration per DISA STIG using STIGviewer, SCC, and OpenSCAP. Must have demonstrated knowledge of RMF and National Institute of Standards & Technology (NIST) implementation. Must be familiar with all layers of the technology stack, to include but not limited to: network routing and switching, firewalls, Virtual Private Network (VPNs), load balancers, network and server virtualization, server operating systems, large storage systems, data-exchange interfaces, databases, middleware, web services, and enterprise management tools used to administer all such capabilities. Must be a team player able to work professionally and collaboratively with the government customer and other contract members of the project team. Excellent written and verbal communication skills and a client focus. Must be a US Citizen and hold a current Secret clearance.
Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.