Security Analyst (ISSO Role)

ECS is seeking a Security Analyst (ISSO Role) to work in our Arlington, VA office / remote.

ECS is seeking a talented, diligent, and energetic Security Analyst. The successful candidate will Support Dashboard Development for the Department of Homeland Security's (DHS) Continuous Diagnostics and Mitigation (CDM) Program. CDM is a dynamic approach to fortifying the cybersecurity of government networks and systems. ECS provides systems engineering, development, deployment and operations for the CDM dashboard, which provides critical insight into the cyber posture of federal agencies. ECS is delivering the next generation CDM Dashboard. The CDM Dashboard increases visibility and insight in federal Agencies' cybersecurity posture by aggregating, displaying, and reporting data collected from tools and sensors deployed on agencies' networks which then report to a DHS-managed Federal Dashboard. The CDM Dashboard is comprised of multiple Commercial Off the Shelf (COTS) and open source products, software configuration packages and custom code which work together to operate as a single dashboard solution, tailored to meet DHS requirements. Core technologies include Elasticsearch and Kibana. ECS is also deploying, operating and maintaining the CDM Federal Dashboard, as well as a subset of Agency Dashboards hosted in a DHS-managed AWS environment under the Agency Dashboard as a Service (DBaaS) offering. Specific task areas within the CDM Dashboard contract include: Requirements Management, Design and Analysis, Development, Testing, Knowledge Management and Communications, Training, Helpdesk Support, Security Support, Deployment Services and Operations & Maintenance.

The ideal candidate will apply their ISSO experience and be able to assess security risks, analyze security data, and develop and implement security strategies to protect the program's technology infrastructure and data. They will implement and support all functions related to attaining and maintaining an authority to operate to include documentation, analysis, policy compliance, and the regular execution of system security activities. They will have a deep understanding of network protocols, operating systems, and cybersecurity best practices to guard against all potential cyber threats.

The ideal candidate will be able to align to the following duties:

• Experience with National Institute of Standards and Technology (NIST) security controls, the Governance, Risk Management, and Compliance (GRC) security documentation tool, Risk Management Framework (RMF), and security compliance processes
• Apply experience of RMF; significant experience producing Information Security documents (System Security Plan, Privacy Assessments – PIA, PTA, Risk Assessment, Incident Response, Disaster Recovery, Interconnection Systems Agreements, etc)
• Assist with production-systems data management, analyzing performance, identifying problems, and developing recommendations that support cybersecurity initiatives

• Collaborate with cross functional teams to collect, analyze, and present recommendations regarding security posture, risks, and mitigations in addition to brief technical vulnerabilities and system non-compliance based on Information Security policy

• Develop, revise, and capture system-specific workflows and processes that align with compliance and program governance based on relevant guidelines and regulation

• Evaluate system functions for writing security control language for the satisfaction of an authority to operate

• Document security best practices and standard operating procedures, and collaborate with other teams to support cross cutting processes

• Assess the impact of system vulnerabilities identified manually or by security scans, and provide courses of action recommendations and remediation support

• Maintain system security awareness through regular monitoring and alerting

• Maintain accuracy of all security documents necessary for compliance throughout the system's lifetime

• Document and track POA&Ms from creation to completion
• Create and maintain dashboards to inform cyber risk posture

General Description of Benefits

• US citizenship with ability to obtain Public Trust Suitability
• Note: Fairfax, VA office with option to work remotely

• Bachelor's degree or 5 years of relevant experience

• Operating in the Federal cyber security domain spanning governance and risk management, business continuity and disaster recovery, encryption, software development security, access control, network security / secure architecture, and security operations

• Implementing NIST RMF and writing security control responses across all control families
• Infrastructure and network security experience

• Delivering Federal cybersecurity reporting and compliance requirements

• Evaluating system security posture from the application level to underlying infrastructure

• Supporting systems deployed in cloud hosting environments (AWS, Azure, etc)

• Experience communicating security concepts, governing policy, and compliance with both technical and non-technical personnel in oral and written mediums
• Experience with configuration and maintenance of IT Service Management (ITSM) tools such as Atlassian Jira in a production environment supporting Event Management, Incident Management, Problem Management, and Change Management