We are seeking a Cyber and ATO Analyst with strong skills and hands-on experience in a government environment to support the authority to operate (ATO) process of an automated (or computer-assisted) processing environment. Ideally, this candidate will support the Program as an Information Systems Security Officer (ISSO) and will interface with counterparts on the client side at the Department of Veterans Affairs. Your contributions and leadership will be vital to providing a high-quality user experience to our customers. You will utilize your highly proficient security skills to incorporate new technologies into the application platform.
In your role as the Cyber and ATO Analyst, you will work within agile software development teams to support the sustainment, operations, maintenance and enhancement of D365-based systems and their integration with the VA’s enterprise supporting Customer Relations Management (CRM). You will interface with VA line of business leadership, VA OIT leadership, the COR and the DevOps support team to ensure continuous monitoring and updating of security controls. You will perform complex analysis, scanning, and safeguarding of sensitive information within a computer network. Your activities will include researching, developing, implementing, testing and reviewing an organization's information security in order to protect information and prevent unauthorized access.
This is a challenging job that requires a top performer who is able to keep on point, communicate quickly and clearly with a large stakeholder group, and provide an organized and calm response to issues and problems. You will be required to be a quick learner who can readily adapt to new technologies and rapidly changing requirements and priorities.
As the Cyber and ATO Analyst, you will, among other duties:
Be the single point of contact for the security posture of systems under your responsibility. The position assists and supports development of programs and processes that strengthen the overall information security posture of the unit and organization.
Interface with the VA ISSO on status, audits, and any plans of action needed to comply with the defined and active security controls;
Manage the maintenance of approvals/accreditations for all systems and ensure transmission to appropriate government agencies on a timely basis;
Developing information system security plans (SSP), best practices and guidelines;
Updating and maintaining the system security plans for each accredited computer system at specified sites;
Monitoring a system and its environment of operation to include developing and updating the SSP, managing and controlling changes to the system, and assessing the security impact of those changes;
Conducting routine audits of approved systems;
Developing, implementing, explaining, briefing and training the system custodians/users concerning their duties/responsibilities on accredited systems;
Perform administrative duties related to authoring the SSP and all other approval/accreditation paperwork;
Ensure compliance with government and company security policies.
You will have the opportunity to contribute on an individual basis as well as demonstrate your strengths as a team player.
Master's or advanced degree in Computer Science, Cyber Security, Mathematics, or Engineering with at least 7 years of experience; or Bachelor’s degree in related fields with at least 10 years of experience; or 15 years of work experience in computer science or cyber security-related field without a degree;
At least 5+ years of experience supporting security controls and related activities for maintaining operational compliance mandated by client-directed controls;
At least 2+ years conducting security audits for both physical locations and electronic systems;
At least 2+ years of experience with security efforts related to Windows, Linux, Ubuntu, AWS, CheckPoint Firewall, and SQL;
Experience with tools such as Tenable’s Nessus, IBM BigFix, AWS CloudWatch, or similar applications;
Experience implementing and using various IA tools including vulnerability assessment, patch management, audit collection, audit review, audit management, and end-point protection;
Eligible for Public Trust;
Analytical skills, with the capacity to quantify and/or qualify risks as they relate to the enterprise systems;
Good communications skills, both in writing and orally;
Certified Information Systems Security Professional (CISSP) certification;
3-5 years system and application Certification & Accreditation (C&A), System Assessment & Authorization (SA&A), and/or Independent Validation and Verification (IV&V);
2-5 years security system monitoring, syslog and traffic analysis, and incident response;
2-3 years developing and maintaining standard operating procedures and work instructions;
2-3 years fulfilling Information System Security Officer (ISSO) role;
2-3 years fulfilling Windows and/or Unix administrator role or support;
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.