Logo
Amentum

Cybersecurity Systems Analyst - Senior

Amentum, San Diego

Save Job

Overview

Cybersecurity Systems Analyst - Senior at Amentum. Performs assessment and authorization coordination, advises on Risk Management Framework (RMF) and develops a Plan of Action and Milestones for resolving network deficiencies in accordance with DODI and ICD 503. Assess network compliance against controls listed in NIST 800-53 and create A&A packages. Perform assessment, compliance, and validation of IT systems to support the Cybersecurity program at USSOCOM, its Component Commands, TSOCs, and deployed forces. Ensure the integrity of customer systems by identifying and mitigating potential shortcomings and vulnerabilities.

Advise USSOCOM, its Component Commands, TSOCs, and deployed forces on network and system risks, risk mitigation courses of action, and operational considerations.

The role includes security evaluations and vulnerability assessments using DOD ACAS, Nessus, and Security Content Automation Protocol tools. Identify applicable STIGs and perform assessments using SCAP. Liaise with network and system administrators to correct identified deficiencies. Review scans for new systems and applications introduced into the SOF environment, identify issues, and draft certification letters for the government. Coordinate with the Site Integration Facility (SIF) to ensure systems and applications meet DISA STIG requirements. The Cybersecurity Systems Analyst should be knowledgeable of cyber network defense tools such as endpoint security, SIEM, and compliant connect solutions.

Typical duties

  • Tracks A&A status of SIE governed ISs and ensures artifacts and documentation are available in the USSOCOM-preferred automated tool.
  • Provide DoD & IC RMF subject matter expertise to USSOCOM and its components, including development and execution of the RMF program.
  • Maintain, track, and validate DISN, cloud and DIA connection approval packages (USSOCOM and subordinate organizations).
  • Develop and maintain documentation for networks, cloud environments, information systems, and technologies as introduced into the SIE.
  • Develop and review A&A for SIE networks, cloud environments, systems, services, telecom circuits, mobile devices, hardware, and software to obtain ATO/IATT/ATC.
  • Perform risk and vulnerability assessments of IT/IS for authorization and prepare risk assessment reports for submission to the SCA and AO/DAO/DAA as per policies.
  • Assist with enforcement of A&A and connection standards for networks and systems.
  • Track and maintain A&A databases, websites, and tools to ensure proper cybersecurity documentation and management.
  • Report compliance with applicable cybersecurity regulations to higher headquarters (e.g., USCYBERCOM, DIA).
  • Provide timely notifications to prevent lapses in accreditations (e.g., 30, 60, 90 day notices).
  • Develop and maintain an Information Security Continuous Monitoring (ISCM) Plan.
  • Identify, assess, and advise on cybersecurity control compliance and associated risks.
  • Coordinate with USCYBERCOM, DoD, DIA, NSA, DISA, and subordinate organizations to resolve issues with security, A&A, connection approvals, and waivers.
  • Perform security authorization and assessments for networks, cloud, information systems, hardware, software and devices; apply related policy and provide project management support.
  • Validate patching, perform validation scanning, develop Plans of Action & Milestones (POA&Ms), and report as directed by policies and regulations.
  • Provide SME for COA development and cybersecurity mitigation strategies.
  • Develop and implement processes, procedures, and capabilities to mitigate vulnerabilities in software and hardware deployments.
  • Identify, implement and validate continued effectiveness of key performance parameters and security measures.
  • Perform analytics on cybersecurity posture and report to AO/DAO and applicable stakeholders as required by ISCM and AO/DAO directives.

Knowledge, Skills and Abilities

  • Experience with US Combatant Commands (USCENTCOM/USSOCOM) is desired.
  • Technical background with system administration, architecture, and engineering preferred.
  • Technical background in networking, identity management, Microsoft and Linux operating systems, database, and mobility.
  • Working knowledge of RMF.
  • Knowledge of Telos Xacta or eMASS is desired.
  • Excellent written and verbal communication and interpersonal skills.
  • Knowledge and experience with DoD IA processes and policies (e.g., DODI , NIST, CNSS, CJCSM , Incident Response, and other IA policies).
  • Active TS/SCI clearance required.

Experience, Education, & Certification Requirements

  • Years of Experience Required: 8+ yrs
  • Education Required: BA/BS
  • Certification Required: Current DoD -M, IAT- Level III or IAM Level III
  • Example Certifications: CISSP (or Associate), CASP+CE, CISA, CISM, CCISO, GCED, GCIH, CCSP, GSLC

Other

Note: The position requires a US government security clearance. Travel may be required; work environment is primarily cubical. Standard hours typically Monday through Friday, with travel as needed.

#J-18808-Ljbffr