Phoenix Cyber is looking for a Cybersecurity Certification and Accreditation Analyst to join our client delivery team. This is a remote, work-from-home position with the possibility of minimal travel within the continental United States.
Qualifications
- Bachelor's Degree in technical discipline or equivalent and 5 years related experience.
- 5 years of relevant Risk Management Framework (RMF) and NIST C&A experience
- DOD cybersecurity experience
- 3 Years of experience with Enterprise Mission Assurance Support Service (eMASS)
- DOD Secret Clearance
- Experience in assessing security controls and conducting authorization reviews for large, complex organizations
- 5 Years of experience producing and maintaining DoD Certification & Accreditation Packages (DIACAP) or RMF package development and submission
- 5 Years of experience understanding and implementing DoD, DISA, Joint Staff, CNSSI and NIST cybersecurity instructions, publications and policies
- 5 Years of experience in understanding and validating NIST 800-53 Security Controls; CNSSI 1253 Security Controls and Overlays
- Demonstrated knowledge of Cyber Security and enterprise cyber security solutions.
Responsibilities
Responsible for all application security controls, RMF compliance, and Authority to OperateKey to the success of this position is the successful delivery of projects and effective communication to all levels of staff for reporting project statusThe analyst will serve as a Subject Matter Expert (SME) in cybersecurity, ensuring that all information systems are authorized in compliance with established policies and proceduresThis position is critical in evaluating security controls and determining the severity of vulnerabilities, as well as briefing senior management on the progress of information systems undergoing the authorization processServes as a cybersecurity Subject Matter Expert (SME) with regards to the authorization of information systems and all associated cybersecurity policies and proceduresFully versed in the general tenets supporting the overall DOD implementation of its authorization process, to include supporting cybersecurity policy, procedures and processesPerforms a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorizationPossess an understanding of how the security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization's IT infrastructureConducts accurate evaluation of the level of security requiredPossess an understanding of how the security controls identified in the NIST 800-53 and NIST 800-82Determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control), and determines the possible ramifications on the system's current or future authorizationRequired to brief senior management on the progress or results of an information system undergoing the authorization processExperience utilizing DoD tracking systems to input / document cybersecurity deficiencies, vulnerabilities, and change requests in the appropriate tracking system for each program, e.g., Jira, HP ALM, and eMASS.Expertise in implementing, documenting, and maintaining baseline configuration frameworks for a range of IT systems, including operating systems, and applications, with a focus on industry-recognized standards such as CIS (Center for Internet Security) and DISA STIGs (Defense Information Systems Agency Security Technical Implementation Guides)Assessing and continuously monitoring cybersecurity risk ensuring that legacy and new capabilities adhere to enterprise standards such as Risk Management Framework (RMF), Cybersecurity Framework (CSF), and National Institute of Standards and Technology (NIST)Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertivenessKnowledge of audit and assessment activities and processesProven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneouslyAbility to interpret and communicate highly complex technical information clearly and articulately for all levels and audiencesPhoenix Cyber is a national provider of cybersecurity engineering services, operations services, sustainment services and managed security services to organizations determined to strengthen their security posture and enhance the processes and technology used by their security operations team.
Phoenix Cyber is an equal opportunity employer and complies with Executive Order 11246, Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veteran's Readjustment Assistance Act (VEVRAA), all amendments to these regulations, and applicable executive orders, federal, and state regulations. Applicants are considered without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, and / or veteran status.
Phoenix Cyberparticipates in E-Verify to confirm the employment eligibility of all newly-hired employees. To learn more about E-Verify, including your rights and responsibilities, go to
