SME Information Security Analyst - TS/SCI Required
(Multiple states)
Full Time
Experienced
cFocus Software is seeking an SME Information Security Analyst to join our program supporting CISA in Arlington, VA or Pensacola, FL. This position requires active TS/SCI clearance.
Qualifications:
- Active TS/SCI clearance
- 10+ years of proven experience performing security controls.
- Active CASP+, CySA+, or CISSP certification
- Possess excellent verbal and written communication skills; have knowledge, skills, abilities, and experience with common assessment & authorization (A&A) application platforms (e.g. eMASS, CSAM, Xacta is preferred) for performing tasks in Section 6.3, and strong architecture, network and infrastructure security, or next-gen security expertise (agile/hybrid agile, cloud).
- The SME Information Security Analyst must have extensive experience working with various security methodologies and processes and with compliance controls related to cloud security, experience performing assessments in cloud computing environments, extensive experience providing analysis and trending of vulnerability data from a large number of heterogeneous devices, and expert knowledge in risk and vulnerability management.
- 10+ years of experience with Reverse Engineering, Computer Forensics, Adversarial Emulations, Incident Response, Vulnerability Assessment and Management, Risk and Threat Mitigation, and Penetration Testing
- 10+ years of technical experience using concepts such as SaaS, PaaS, and IaaS
- 10+ years of experience working with AWS, Kubernetes, Docker, Linux, Windows
- Responsible for leading the RMF assessment, authorization, and monitoring steps for systems following NIST and ICD 503 standards and best practices.
- Maintain ongoing knowledge of Federal policies and practices related to cyber security
- Participate in the RMF process providing Authorization and Assessment (A&A) support to include the review of risk trade off analysis required to recommend risk acceptance and authorization decisions.
- Support all activities to maintain security authorization of each system, which include but are not limited to: monitoring status of POA&Ms until closure, annual assessments, continuous monitoring, and (future) ongoing authorization activities as required by DHS policy.
- Perform impact analysis of the requirements through evidence-based reasoning and risk management needed to create and maintain a defensible security posture for the program.
- The Contractor may be required to perform assessments for two or more different systems simultaneously