Sr. Cyber Security Analyst

Overview

Abacus Technology is seeking a Senior Cybersecurity Analyst to provide technical support for the US Air Force Office of Special Investigations (AFOSI) in Quantico.  This is a full-time position.

Responsibilities

• Coordinate, maintain, change, and keep updated, the Risk Management Framework (RMF) Assessment and Authorization (A&A) packages for the five enclaves administered by AFOSI. 
• Develop and complete System Security Documents in accordance with the RMF Process. Monitor policy for the IT Enterprise Cyber Surety Division relating to the compliance, validation, and assessment of the four networks (NIPRNET, SIPRNET, JWICS, and SAPnet) and Major Information Technology Systems (MITS). 
• Maintain and update HQ's AFOSI Governance, Risk and Compliance (GRC) application for assessing/managing risk, and authorizations for all AFOSI data networks. 
• Implement Cybersecurity controls and assist AFOSI customers with the implementation on Cybersecurity controls where the Cybersecurity controls fall outside of the contractor’s area of responsibility. Continuously monitor for control compliance and take immediate actions to bring systems into compliance. 
• Ensure that all application deliverables comply with the DISA Application Security & Development and Database STIGs, which includes the need for source code scanning and a Web Penetration Test to mitigate vulnerabilities (including as examples, SQL injections, cross-site scripting, and buffer overflows).  
• Ensure successful implementation and tracking of all Tasking Orders (TASKORD), General Administration Messages (GENADMIN)), Notice to Airmen (NOTAM), Time Compliance Technical Order (TCTO), Data Call Orders (DCO) for the systems included in the five AFOSI enclaves.  
• Perform the Information Assurance Vulnerability Management (IAVM) process by ensuring systems and networks maintain compliance with vulnerabilities.
• Track and analyze Plan of Action & Milestones (POA&Ms) reports to conduct risks assessments.
• Review current Cyber Operational Readiness Assessment (CORA) requirements and ensure systems and their operations are compliant.  
• Perform self-inspections every nine months and routinely as needed.  

Qualifications

10+ years’ experience in Cybersecurity and Information Assurance including at least a year of experience in systems administration in a Windows based environment.  Bachelor’s degree in a related field.  Must be certified at IAT Level III (CISSP, CASP+ CE, CISA, GCED, GCIH, or CCNP Security).  Extensive experience with RMF, GRC, STIGs, Ports, Protocols, and Services Management (PPSM), and Security Controls.  Extensive experience performing vulnerability and risk assessment using DISA's Assured Compliance Assessment Solution (ACAS) suite or Nessus Security Scanner.  Experience working with Enterprise Mission Assurance Support Service (eMASS).  Experience performing IAVA compliance audits using DISA tools such as ACAS.  Working knowledge of the RMF to include categorization, security control selection, implementation plan development, assessment, and continuous monitoring.  Working knowledge of analyzing the result of a security risk assessment.  Knowledge of IT Systems Maintenance Compliance processes to include information assurance vulnerability management (IAVM).  Experience creating, reviewing, and revising security documentation and artifacts.  Experience with Vulnerability Management tools, such as Nessus and ACAS, including the ability to read and write automated reports, and interpret the results.  Experience with Fortify Static Code analyzer, or another code scanner. Includes writing POA&Ms for open findings.  Experience with security information and event management (SIEM) software, such as Splunk or ArcSight.  Experience with McAfee HBSS (Host-Based Security System), or ESS (Endpoint Security System) to include ePO (E-Policy Orchestrator) administration and searching for rogue systems.  Strong desktop application administration experience to include Microsoft Office, web browsers, and anti-virus applications.  Excellent communication skills, both oral and written, analytical skills to troubleshoot cybersecurity issues, and an ability to conceptualize server infrastructures and configurations.  Must be able to apply intensive and diverse knowledge to problems and make independent decisions.  Must be a team player able to work professionally and collaboratively with the government customer and other contract members of the project team.  Must be a US citizen and hold a Top Secret clearance with SCI access (TS/SCI).

Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.

EOE/M/F/Vet/Disabled