Cyber Security Analyst

Overview

DecisionPoint is currently looking for an experienced Cyber Security Analyst to join our team at the Office of the Inspector General at the Department of State in Arlington, VA. 

This position requires 1 day a week onsite in Arlington, VA.

Duties & Responsibilities

• Support system A&A activities, to include pre-assessment control reviews, artifact gathering, system security and associated plan updates, and other documentation review and updates for the migrated website and other OIG systems and applications
• Support creation and maintenance of OIG Federal Risk and Authorization Management Program (FedRAMP) cloud solutions documentation
• Perform security control reviews of OIG facilities, systems, and applications to support the OIG continuous monitoring strategy plan and annual reviews. Identify and track findings in Plan of Actions and Milestones (POA&Ms)
• Support and initiate the incident response process in accordance with guidelines.
• Assist System Owner and support staff by providing timely advice, guidance, and templates to complete required tasks and documentation
• Support annual incident response and contingency plan training and testing activities.
• Complete review of system and application configuration settings using automated and manual method.
• Complete vulnerability scanning of all assets. Compile data to assist remediation activities; coordinate with systems administrators to implement corrective actions. Assist in the development of POA&Ms for outstanding risks.
• Coordinate with system administrators and application/database support to research and resolve security concerns and revise documentation
• Assist in the preparation of official memorandums, such as Chief Information Officer risk acceptance, POA&Ms, and various appointment letters.
• Research user questions and requests; make recommendations based on Department and OIG policy; complete file transfer requests in accordance with federal and Department of State guidance.
• Assist in compiling data to support data calls and quarterly Federal Information Security Modernization Act (FISMA) reporting.
• Support the configuration management process through the completion of preliminary security impact analyses
• Track user cybersecurity awareness training and rules of behavior agreements.
• Monitor the Department continuous monitoring system; coordinate with system administrators to initiative corrective actions
• Provide detailed weekly status reports

Qualifications

Required:

• Active Secret Clearance required.
• Information Assurance (IA) subject matter expert with 5-7 years of Federal government knowledge and experience in applying and implementing the NIST Risk Management Framework and Special Publications 800-53, 800-37; FedRAMP, NIST Cybersecurity Framework, and other FISMA requirements
• Experience in configuring and running vulnerability and configuration compliance (SCAP) scans, troubleshooting issues, and analyzing data to identify trends and recommend remediation actions.
• Complete understanding of Department of Homeland Security Continuous Diagnostics and Mitigation (DHS CDM) program requirements and implementation requirements at a general level
• Experience in host-based and network-based security tools, analyzing alerts, and initiating the incident response process, working with operations team and management to analyze and categorize level of threat, take appropriate and timely actions to mitigate threat and associated vulnerabilities
• Understanding of operating in multi-network environments that are multi-tiered and risks associated with this type of network architecture
• Experience working with security information management (SIM) and/or security information and event management (SIEM), user behavior analytics (UBA), and anti-malware tools
• Experience with cloud hosted infrastructure and applications environments such as Microsoft Office 365 and Microsoft Azure
• Understanding of threats specifically related to mobile users and mobile devices
• Experience in researching different types of technical security threats and recommending mitigating actions
• Proficient in writing and maintaining system security plans, information security policies, and official memorandums intended for executive leadership
• Familiar with use of Information Technology Infrastructure Library (ITIL), Capability Maturity Model Integration (CMMI), and/or Project Management Professional (PMP) processes

Desired:

• Certified Information Systems Security Professional/Certified Information Security Manager (CISSP/CISM)
• PMP

Our Equal Employment Opportunity Policy

• EEO and Affirmative Action Policy: DecisionPoint Corporation is an Equal Employment Opportunity and Affirmative Action employer. It is the policy of DecisionPoint Corporation to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws.
• Pay Transparency Policy: In accordance with Presidential Executive Order 13665, DecisionPoint Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
• Authorization to Share Resume and Personal Information: By expressing your interest and submitting your resume for this position, you authorize DecisionPoint Corporation to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should DecisionPoint Corporation. or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.