NetCentrics is a leading provider of enterprise systems management, solutions engineering, applications development, information assurance, computer network defense and cybersecurity for the Department of Defense, Department of Homeland Security and other federal agencies. NetCentrics is searching for a Cybersecurity Analyst to support our team in Denver, Colorado. Candidate must be a U.S. Citizen or U.S. National and be willing to submit to a federal background investigation.
NetCentrics is looking for an experienced Cybersecurity Analyst with particularly strong skills in the federal information system Security Assessment & Authorization (SA&A) lifecycle process. He/she will be responsible for planning, developing, finalizing, and reviewing key deliverables in each stage of the SA&A process. As a result, a strong understanding of standards and requirements outlined by FISMA, NIST, OMB and others is required. The Cybersecurity Analyst will be actively engaged in identifying unique system characteristics, interviewing key organizational personnel (technical, administrative, and executive), working with the IT Security consulting team to compose requisite documentation (security categorizations, risk assessments, contingency plans, security test & evaluation reports, vulnerability assessment reports, etc.), and mapping complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices.
Specific Areas of Responsibility:
- Working face-to-face with multiple stakeholders interviewing, planning, or participating in a team effort to bring multiple complex projects to fruition in a highly motivated, fast-paced environment.
- Development of SA&A process documents
- Maintaining documentation in the Cyber Security Asset Management (CSAM) System
- Conducting in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.
- Providing ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc.
- Developing continuous monitoring systems’ performance metrics to ensure systems are compliant with the client’s Program
- Collaborating with system owners, security officers, and IT staff to compile statistics for the performance of security control assessment planning and execution in compliance with client policies and procedures
- Reviewing vulnerability scans of Continuous Monitoring Systems and documenting findings
- Tracking vulnerabilities to determine whether each is documented in the system’s POA&M and whether it is remediated IAW guidance
- Reviewing software and hardware inventory for accuracy
- Facilitating stakeholder meetings
- Reviewing deliverables to ensure they are submitted IAW ISCM Program guidance
- Managing the FISMA Inventory System to ensure all data related to each system is reported accurately
- Collaborating with the FISMA Inventory System database administrator to discuss stakeholders’ needs and concerns
- Providing direct support to the Policy and Compliance Director; support includes conducting research for data calls, drafting quarterly reports, and assisting with ad hoc tasks as requested
Required (and Desired) Experience and Education:
- BS in a computer-related field of study
- Candidate must be certified IAW 8570 IAT/IAM Level II.
- 5 years of knowledge and practical understanding of NIST SP 800 series, FISMA-related activities to include system security plans, contingency plans, incident response plans, configuration management plans, security control requirements and assessments, Plan of Action and Milestones (POA&M), and training requirements.
- History of successful RMF package development
- History of SOP/TTP development for RMF processing
- Knowledge of and experience with Federal Privacy requirements, including Privacy Impact Assessments (PIA) and personally identifiable information (PII).
- Previous experience with scanning tools: Nessus, SIH, AppDetective, WebInspect and the knowledge to interpret results.
- Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience.
- As a contingency to employment at NetCentrics, all candidates who are given offers must successfully pass a full background investigation including criminal history, education and employment verifications.
Desired Experience/Skillsets (Not required):
- Experience with Dashboard development for continuous review of IA compliance
- Experience with Governance Risk and Compliance (GRC) Tool implementation
- Computer network penetration testing and techniques.
- Experience with static and malware analysis.
- Security Professional Certifications (CISSP, CISM, CISA, or CAP).
- History of leading automated continuous monitoring efforts
- Experience with Linux and Windows operating systems.
*Target start date for position is April 1st, 2018
**In order to be considered for this position, you must apply directly through our careers site**
NetCentrics is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.