NCIS Cyber Security Analyst

Clearance Level
Cyber Security
Quantico, Virginia

REQ#: RQ127623

Travel Required: None
Public Trust: None
Requisition Type: Regular

Join General Dynamics Information Technology (GDIT) and be a part of the team of men and women that solve some of the world’s most complex technical challenges. The NCIS program is searching for a Senior Cyber Security Analyst to join their team in Quantico, VA


The Naval Criminal Investigative Service (NCIS) is an organization of over 2,200 personnel of which 700 serve at HQ and the remaining staff serve at offices worldwide. NCIS is the Department of Navy (DON) component with primary responsibility for criminal investigation, law enforcement (LE), counter-terrorism (CT), counterintelligence (CI), and cyber matters.  NCIS not only has primary responsibility for all criminal investigative, CI, CT, and cyber matters within the DON, but it also has exclusive investigative jurisdiction in non-combat matters involving actual, potential, or suspected criminal, terrorism, sabotage, espionage, and subversive activities. 


NCIS provides the DON with threat status and warnings associated with terrorist, criminal, cyber, and counterintelligence activity throughout the world.  NCIS is the only DON organization that has the information and responsibility to fuse and analyze the national intelligence and law enforcement information necessary to provide these warnings.  


The Digital Business Directorate (DBD) supports the NCIS core mission areas to investigate and defeat criminal, terrorist, and foreign intelligence threats by planning for and providing services through appropriate use of the people, equipment, technology, and infrastructure resources of the United States Navy and Marine Corps. 



  • Supports all authorization package ACAS related tasks assigned to ISSEs and NQVs.  The goal is to provide the required artifacts IAW the Navy Testing Guidance and Risk Management Framework (RMF) Process Guide required for the submission of an RMF Authorization package.
  • Performs 90 Day Baseline Scans for each Authorization package in accordance with Navy requirements; provide Detailed Vulnerability List (DVL) Reports for use in the eMASS record; provide ACAS Summary Reports in accordance with the Navy Testing Guidance.
  • Conducts weekly and “As Needed” ACAS scans in support of RMF STEP 3/STEP 4 processes, vulnerability assessments and queries specifically targeting authorization package assets; support continuous monitoring for authorized packages and report vulnerability status of all active Enterprise Security packages; create asset lists using provided hardware lists.
  • Performs risk analyses of computer systems and applications during all phases of the system development life cycle using the Assured Compliance Assessment Solution (ACAS) tool. 
  • Initiates Enterprise Mission Assurance Support Service (eMASS) registrations, prepares, processes, updates and monitors RMF Assessment and Authorization (A&A) packages; ensures A&A packages are evaluated and maintained in a compliant status; implements and validates A&A packages to ensure security controls and vulnerabilities meet DON RMF authorization compliance requirements. 
  • Performs all RMF STEPS and processes required to obtain Authorization to Operate (ATO) for multiple classified and unclassified systems. 
  • Designs, develops, engineers, and implements cybersecurity solutions that meet DON security requirements. 
  • Responsible for ensuring the integration and implementation of computer system security meets Navy compliance requirements. 
  • Identifies test requirements and tools based upon system architectures. 
  • Develops, reviews and implements security test plans and procedures. 
  • Establishes and satisfies system-wide information security requirements based on analysis of user, policy, regulatory, and resource demands. 
  • Supports the Government Cyber Security Managers in the development and implementation of cyber security doctrine and policies. 
  • Manages and maintains A&A packages using eMASS and XACTA tools. 
  • Reviews and assess system engineering documentation, (CONOPS, Contingency Plans, and installation and configuration specifications) to ensure security compliance and to identify security risks. 
  • Prepares briefing slides, status charts and support documentation for presentation to the client. 
  • Reviews and assess system diagrams for accuracy, consistency and traceability to hardware, ports, protocols and services (PPS) and authorization boundaries. 


Basic Qualifications:

  • 5+ years of experience in the systems security discipline with specific emphasis on Navy Cybersecurity practices. 
  • Must meet or exceed OPNAVINST 5239 requirements to be certified as a Navy Qualified Validator or must be certified within six months of start date.
  • Experience in the development of RMF Assessment and Authorization (A&A) Security Plans (SP), System Level Continuous Monitoring (SLCM), Ports, Protocols and Services Management (PPSM), Host Based Security Systems (HBSS), Assured Compliance Assessment Solution (ACAS) vulnerability scanning. 
  • Experience with Enterprise Mission Assurance Support Service (eMASS) tools. 
  • Experience preparing, processing, assessing, validating, and maintaining RMF A&A packages using eMASS and XACTA tools.
  • Must have experience with using public key-based technologies for applications. 
  • Security+ certification or equivalent. 
  • Secret to start but must eligible to be adjudicated to the TS/SCI level  

Preferred Qualifications:

  • Completed Navy RMF training 
  • Formal ACAS training 
  • Formal eMASS training

About Our Work

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

COVID-19 Vaccination

GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.