What are the responsibilities and job description for the Cybersecurity Risk Management Analyst position at Antero Technology Services?
Are you ready to grow as a Cybersecurity Risk Management Analyst? Antero Technology Services is looking for a proactive person with a TS/SCI clearance to join our Enterprise Infrastructure Engineering Team. You will work with the Information System Security Manager to maintain Authority to Operate approvals for various systems by adhering to the Risk Management Framework as stipulated by NISPOM/DAAPM, NIST 800-53, ICD 503, STIGs, and associated publications. You’ll be part of a team who reliably delivers the enterprise systems for tens of thousands of mission-critical customers on a global scale.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.
Your Place in Our Team
We’re a small business which means you make a big difference with our team. We offer full company-paid health plans, time off, retirement, and other financial benefits. Our culture thrives on learning, and our professional growth program helps pay for your advancement. We encourage leadership growth too, and we’ll help you build and lead a team of your own.What you’ll be doing
- Act as an appointed Information System Security Officer (ISSO) for IC cyber systems being developed by the Engineering Team
- Analyze security controls in accordance with IC, AO, or NIST-800-53, rev 5; author System Security Plans, System Security Test Plans, Authorization and Accreditation, and other system documentation
- Report, document, and brief the cybersecurity status of systems under development while assuring the successful and timely progression through the DoD Risk Management Framework to the satisfaction of the appointed Information System Security Manager, and/or senior government leadership
- Ensure the remediation of any findings assigned to engineering as documented in the Security Assessment Report and its Plan of Actions and Milestones
- Assess the impact that proposed changes might introduce to the environment, and provide updates to the ISSM regarding configuration management changes to the authorization boundaries
- Document and defend reasoning when waivers are sought, or non-standard remediation solutions are requested for specific security controls
- Conduct periodic reviews of information systems to ensure compliance with the security authorization package
What you’ll need to have
- TS/SCI with CI Poly, or willingness and ability to be cleared
- High School 12 years; Bachelor’s 10; Master’s 8
- Security or similar IAT Level II certification
- In depth understanding and application of NIST 800-53 security controls
- Experience with Xacta, vulnerability scanning (Nessus, SCAP, ACAS, SCC), and other RMF tools
- Experience with the procedures and preparation of Assessment and Authorization documents of various systems including Windows, Linux, network devices, and peripherals
- Experience with annual assessments and documenting compliance in an automated tracking system; experience developing POAMs with the Information Systems Security Manager to address non-compliance in the allotted timeframe
- Ability to articulate and document thoughts effectively
- Engaging communications style with customers, peers, and support teams
Strengths you’ll bring to our team
- Passion for learning and professional growth
- Eagerness to help customers, peers, and juniors
- Taking ownership to do the right things right
- Building trust by delivering results that make a difference
- Comfortable communicating good news, bad news, challenging opinions, and innovative ideas
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.