Cyber Security Analyst

Clearance Level
Interim Secret
Category
Cyber Security
Location
Virginia Beach, Virginia
Apply

REQ#: RQ70252

Travel Required: Less than 10%
Requisition Type: Regular
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is working to support the day to day IT, network, and cyber systems for the Naval Surface Warfare Center Dahlgren Division Dam Neck Activity (NSWCDDNA) and have an opportunity for a Cyber Security Analyst.

Duties and Responsibilities:

The Cyber Security (CS) Analyst is tasked with day-to-day oversight and monitoring of information security program and responsible for cyber threat identification, evaluation, prioritization and remediation activities under the direction of IT leadership. The role will monitor and provide analysis on information security-related issues, oversee security program components, and develop and maintain procedures and records for incidents and incident responses. Typical duties and responsibilities include, but are not limited to:

  • Supporting Network CS and Continuity Planning by supporting the establishment, exercise and maintenance planning to ensure continuity of operations for NSWCDD DNA.
  • Support NSWCDD DNA’s role in operational CS planning to contribute to the production and integration of CS compliant technologies and functionality in a network-centric environment.
  • Engage pertinent stakeholders and cross-functional event support SMEs as required to provide an overall framework for managing and coordinating necessary communications that directly, or indirectly, influence objectives and tasks. Network CS and Continuity Planning duties and responsibilities include, but are not limited to, the following:
  • Generate an assessment framework and methods for continued improvements of IA documentation, policy, and procedures and IA requirements for defending NSWCDD DNA architectures.
  • Interpret IA policy requirements; investigate IA capabilities for technology insertion; and evaluate insider threat and mitigation processes.
  • Analyze existing and emerging certification and accreditation practices including national level A&A transformation initiatives and recommend a methodology to optimize IA Management and standardize IA baseline certifications across the domain.
  • Support the revision of the entire end-to-end Certification & Accreditation (C&A)/ Assessment and Authorization (A&A) process. The support duties and responsibilities include, but are not limited to the following:
    • Verify IA and cyber security data using various databases included, but not limited to, Enterprise Mission Assurance Support Service (eMASS), Vulnerability Remediation Asset Manager (VRAM), Space and Naval Warfare Systems Command (SPAWAR) Acquisition & Integrated Logistics Online Repository (SAILOR) 2.1, and Information Condition (INFOCON).
    • Compile and analyze data, and develop a Fusion/ServiceNow/SharePoint web enabled monthly CS Dashboard for NSWCDD DNA leadership review.
    • Communicate feedback to NSWCDD DNA related to identified with CS vulnerabilities to the DODIN and coordinate corrections, collect responses and validate reporting
  • Analyze and review the results of network and system vulnerability scans and be able to validate the implementation of IA Controls in accordance with DoD 8500.2.
  • Design technical solutions for network boundary protection, endpoint security, access control, auditing, log management, and event management.
  • Assists with development and tracking of the POA&M in eMASS.
  • Supports RMF Checkpoint meetings.
  • Report on the VRAM system (ensuring 100% compliance) to include scan uploads and baseline maintenance.
  • Monitor the IAVM system and administration of the Windows Server Update Services (WSUS) server
  • Provide status of Network and System patch and WSUS patch management.
  • Assist in the direction of Command Tasking Order (CTO) Compliance, providing guidance on retina and HBSS server.
  • Interact with system administrators to ensure patching and HBSS client updates are installed.
  • Manage ePO and ACAS servers.
  • Review, update, validate, and author Cybersecurity procedures (SOPs) as required.
  • Conduct technical security tests and evaluations of Department's classified and unclassified networks and/or systems to determine compliance with appropriate information assurance (IA) or cyber security controls and risk mitigation strategy.

Required:

  • Three (3) years of applied DoD or Department of Navy (DON) Cyber Security, Certification and Accreditation (C&A) or A&A experience.
  • CISSP or CISSA certified.
  • DoD SECRET Clearance
  • Information Assurance Technician (IAT) -or- Information Assurance Manager (IAM) I, II or III
  • Knowledge of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) Special Publications.
  • Ability to provide technical support and apply expertise in assessing information system compliance with DoD and Navy RMF standards and review, verify, and validate required DoD RMF documentation and artifacts in accordance with DoD Instruction 8510.01, RMF for DoD IT, and the Navy RMF Process Guide (RPG).
  • Demonstrated experience with Site/System Accreditations packages for the granting of Interim Authority to Operate (IATO's), Authority to Operate (ATO's), Interim Authorization to Test (IATT’s).
  • Demonstrated experience with Information Assurance Vulnerability Management (IAVM) security patches for network assets, and implementing Security Technical Implementation Guides (STIGS).
  • Demonstrated experience compiling and analyzing data from authoritative sources (such as Vulnerability Remediation Asset Manager (VRAM), Assured Compliance Assessment Solution (ACAS), and Host Based Security System (HBSS)).

Desired:

  • Bachelor’s Degree in Engineering, Computer Science, Information Systems, or similar technical field.
  • Demonstrated experience with DoD and US Navy enterprise IT networks and systems.