Cyber Security Analyst (Mid-Level)

Overview

MAR Division of Oasis Systems has an exciting opportunity for a Cyber Security Analyst in Rockville, MD.  The Cyber Security Analyst acts as a lead consultant, interfacing between the customer and IT security consulting team throughout the federal information system Security Assessment & Authorization (SA&A) lifecycle process. The ideal candidate is very detail oriented with strong written and oral communication skills as well as a strong technical background. He/she will be responsible for planning, developing, finalizing, and reviewing key deliverables in each stage of the SA&A process. As a result, a strong understanding of standards and requirements outlined by FISMA, NIST, OMB and other federal guidelines is required. The Cyber Security Analyst will be actively engaged in identifying unique system characteristics, interviewing key organizational personnel (technical, administrative, and executive), and working with the consulting team to develop and manage security documentation throughout the system lifecycle in support of FISMA requirements.  This includes, but is not limited to; security categorizations, system security plans, privacy impact assessments, contingency plans, configuration management plans, incident response plans, POA&Ms, vulnerability assessment reports, deviation requests, and any other necessary documents to support a system’s authority to operate (ATO).   

LOCATION: Rockville, MD

EXPERIENCE LEVEL: 4 years working in the SA&A field and at least 2 years information systems, computer science, or related fields (may be concurrent).

EDUCATION: BA/BS degree in information systems, computer science, or related fields.

CERTIFICATIONS AND TOOLS: The Ideal candidate will also have one or more of the following certifications: CISSP, CISM, CEH, CISA, Security and/or CAP

SECURITY CLEARANCE: Ability to obtain a NRC Clearance

JOB STATUS: Full-Time  

TRAVEL: Minimal

RESPONSIBILITIES: Functionally, the successful candidate will:

• Responsible for the development of security artifacts and/or standards and policies across multiple IT platforms, including: Mainframe, Client Server, and Web-based systems.
• Possesses an understanding of capabilities associated with security monitoring products across all IT platforms.
• Ensures that all policies reflect current standards in place including FISMA and other industry standards.
• Monitors compliance and conducts periodic reviews of policies.
• Minimum Education: BA/BS degree in information systems, computer science, or related fields.
• Minimum Experience: 4 years working in the SA&A field and at least 2 years information systems, computer science, or related fields (may be concurrent).

QUALIFICATIONS: This candidate must have experience with the following:

• Working face-to-face with multiple stakeholders interviewing, planning, or participating in a team effort to bring multiple complex projects to fruition in a highly motivated, fast paced environment.
• Development of SA&A process documents.
• Understanding of Cloud platforms (PaaS, SaaS, IaaS) and protections as described in FedRAMP.
• Assess/audit systems to analyze risk and report on identified weaknesses.
• Conducting in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.
• Providing ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc.
• Knowledge of IT security architecture and design (firewalls, Intrusion Detection Systems, Virtual Private Networking, and virus/malware protection technologies -- behavioral based a plus).
• Knowledge of LAN/WAN design and general internetworking technologies. Hands-on experience a plus.
• Knowledge of Windows and Unix operating systems. Hands-on experience a plus.

MAR Division of Oasis Systems is an equal opportunity employer and does not discriminate in hiring or employment on the basis of any legally protected characteristic including, but not limited to, race, color, religion, national origin, marital status, gender, sexual orientation, ancestry, age, medical condition, military veteran status or on the basis of physical handicap which, with reasonable accommodation, render the application to satisfactorily perform the job available.