Cyber Security Analyst
Company: Oasis Systems LLC
Location: Rockville
Posted on: January 26, 2023
Job Description:
Overview
Oasis Systems has an exciting opportunity for a Cyber Security
Analyst in Rockville, MD. The Cyber Security Analyst will be
actively engaged in identifying unique system characteristics,
interviewing key organizational personnel (technical,
administrative, and executive), and working with the consulting
team to develop and manage security documentation throughout the
system lifecycle in support of FISMA requirements. This includes,
but is not limited to, security categorizations, system security
plans, privacy impact assessments, contingency plans, configuration
management plans, incident response plans, POA&Ms,
vulnerability assessment reports, deviation requests, and any other
necessary documents to support a system's authority to operate
(ATO).
LOCATION: Rockville
JOB STATUS: Full-Time
TRAVEL: Occasional domestic travel
REQUIRED QUALIFICATIONS (Education, Certifications, Experience,
Skills)
SECURITY CLEARANCE: NRC Suitability
EDUCATION: BA/BS degree in information systems, computer science,
or related fields.
CERTIFICATIONS: The ideal candidate will also have one or more of
the following certifications: CISSP, CISM, CEH, CISA, Security+
and/or CAP
EXPERIENCE LEVEL: 4 years working in the SA&A field and at
least 2 years in information systems, computer science, or related
fields (may be concurrent).
OTHER QUALIFICATIONS/SKILLS:
- A strong understanding of FISMA and NIST Special Publications,
especially NIST SP 800-37 and NIST SP 800-53.
- Excellent written and oral communication skills; attention to
detail is essential.
- Experience with vulnerability scanning tools, such as Tenable
SecurityCenter / Nessus.
- Working knowledge of DISA STIGs, SCAP content / audit files,
and CIS Benchmarks.
- Understanding of cloud service models (SaaS, PaaS, IaaS) and
protections as described in FedRAMP security
documentation.
- Experience reviewing FedRAMP authorization packages and
understanding how to ensure customer responsibilities are addressed
in accordance with the shared responsibility model.
- Experience with performing technical architecture reviews of
complex systems with a strong understanding of a system's
authorization boundary.
- Hands-on experience with securely deploying / hardening cloud
workloads as well as Windows Server and Linux
administration.
- Knowledge of major cloud platforms (Azure / Amazon Web Services
[AWS]), virtualization, networking devices (e.g., routers and
switches), web services (e.g., IIS, Apache Tomcat), network
security appliances (e.g., firewalls, VPNs), databases (e.g.,
Microsoft SQL), and intrusion prevention / anti-malware
software.
- Knowledge of system and application security threats and
vulnerabilities.
- Proficiency with Microsoft Office applications.
- Ability to prioritize and complete tasks efficiently and
effectively.
- Comfortable working individually and as part of a
team.
- Scripting ability (e.g., PowerShell, VBA) is a plus.
RESPONSIBILITIES:
- Work closely with all levels of personnel, including system
administrators, Information System Security Officers (ISSOs), and
Authorizing Official (AO), to support FISMA systems through the
Security Assessment & Authorization (SA&A) lifecycle.
- Assess the confidentiality, integrity, and availability impact
levels of information stored, possessed, and transmitted by systems
to determine the FIPS 199 security categorization.
- Develop and maintain system security documentation throughout
all phases of the NIST Risk Management Framework (RMF). This
includes security categorizations, digital identity risk
assessments, system security plans, system policy and procedures,
privacy impact assessments, contingency plans, configuration
management plans, incident response plans, vulnerability assessment
reports, deviation requests, and any other documents necessary to
support systems' authorization and continuous monitoring.
- Analyze risks identified during security control assessments
and continuous monitoring activities in accordance with NIST SP
800-30. This includes making a determination regarding the
likelihood and impact of the risk being exploited, along with a
supporting rationale, and providing recommendations for
mitigation/remediation.
- Perform and document the results of vulnerability scans and
configuration compliance checks against configuration standards
such as DISA STIGs and CIS Benchmarks.
- Analyze FedRAMP security packages to document and assess
customer responsibility for cloud-based systems.
- Assist in the review of monthly continuous monitoring
deliverables produced by Cloud Service Providers (CSPs) and annual
assessments (produced by third party assessors [3PAOs]) in support
of FedRAMP requirements to ensure that cloud services maintain an
appropriate risk posture.
- Create, track, and manage system Plans of Action and Milestones
(POA&Ms).
- Attend project meetings and collaborate with stakeholders to
ensure security is addressed throughout the entire system
lifecycle.
Who We Are
Oasis Systems is a premier provider of customer-driven,
cost-effective and quality Engineering Services; Enterprise Systems
and Applications; Human Factors Engineering; Information Technology
and Cyber Security; Professional Services; and Specialized
Engineering Solutions to the Department of Defense, FAA, NRC and
other federal agencies.
We strive to be an exciting and welcoming company that attracts,
develops, motivates and retains the most talented, skilled and
dedicated people in the industry; where they are encouraged to
achieve personal excellence, purpose, and their full potential and
career aspirations; while supporting mission-critical national
security technologies and programs.
Oasis Systems is an equal opportunity employer and does not
discriminate in hiring or employment on the basis of any legally
protected characteristic including, but not limited to, race,
color, religion, national origin, marital status, gender, sexual
orientation, ancestry, age, medical condition, military veteran
status or on the basis of physical handicap which, with reasonable
accommodation, render the application to satisfactorily perform the
job available.