The C5AD Cybersecurity Analyst provides design implementation and maintenance functions for the Risk Management Framework (RMF) Program in support of the Deputy Director, C4 and Cyber Integration (DDC5I) C5 Assessments Division (C5AD) mission and Persistent C5 Environment (PC5E).
Provide Information Assurance Cybersecurity (CS) support to the Information Systems Security Manager (ISSM) and project teams:
Maintain accreditation of customer's test and development networks and project enclaves by applying the Risk Management Framework (RMF) in validating and certifying systems, applications and networks, and preparing authorization packages for formal approval
Analyze vulnerability scans and configuration scans to ascertain residual risk
Evaluate system and network device configurations against DoDI 8500.2 IA Controls to ascertain the authorization readiness of commercial (COTS) and Government (GOTS) systems, applications, and architectures
Ensure integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies
Organize and maintain artifacts in Enterprise Mission Assurance Support Service (eMASS) to develop authorization packages for approval by the Joint Staff Authorizing Official
Determine the security posture and readiness of systems and architectures involved in assessment of Command and Control (C2) interoperability between DoD, Coalition, COTS/GOTS tools, systems, and systems of systems
Support project teams by assessing network and system security design features and making recommendations concerning overall security authorization readiness and compliance with CS guidance and best practices
Support interoperability assessment teams by applying CS SME judgment to assessment criteria, metrics, and techniques; develop CS assessment objectives; and present written analysis and conclusions in all phases of analysis
Preferred Skills (one or several of the following):
Strong understanding of RMF, NIST SP 800-53 IA Controls, eMASS, and ACAS
Ability to conduct Information Systems vulnerability assessments, risk mitigation, and Plan of Action and Milestone (POA&M) development and tracking; understanding and application of mitigation strategies, IAVAs, and IAVBs
Ability to research policies, procedures, standards, and guidance and apply under specific conditions for protection of information and information systems
Network and/or System Administration technical expertise with (primarily) Microsoft operating systems, Linux/Unix operating systems, Cisco products, and VMWare/virtualization
Experience with DoD cyber operations (USCYBERCOM, Navy Fleet Cyber, etc.)
Experience with wireless (802.11) protocols, wireless network scanning tools, and mobile device security
Experience with Cross Domain systems / guards
Bachelor's Degree in Computer Science or related technical discipline or the equivalent combination of education, professional training or work experience.
Educational equivalency for this position is defined as at least five (5) years of related experience working in maintaining and managing computer systems that are used to support multiple computer operations at the same time; and
Experience/familiarity with cyber policy development, cyber concepts of operation, cyber situational awareness/monitoring systems, and/or cyber defense/protection operations
Demonstrated ability to assess system and network vulnerabilities; employ computer forensics to determine the extent and impact of intrusion; assess compliance with cyber security measures and cyber doctrine; and conduct risk analysis and penetration testing for systems and applications
Experience conducting both classified and unclassified automated computer system assessments, to include experience with scientific methodology for experimentation and documentation is desirable
Must have an active DoD Secret security clearance and be eligible for Top Secret
Must be a U.S. citizen
Certified DoD 8570.1-M IAM Level 2 (e.g., CISSP, GSLC, CAP, CISM, CASP CE)
Work Location: Joint Staff J6 C5 Assessments Division, Suffolk, VA
" We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.