
Cyber Security Analyst

Company: Oasis Systems LLC
Location: Rockville
Posted on: January 26, 2023

Job Description:

Oasis Systems has an exciting opportunity for a Cyber Security Analyst in Rockville, MD. The Cyber Security Analyst will be actively engaged in identifying unique system characteristics, interviewing key organizational personnel (technical, administrative, and executive), and working with the consulting team to develop and manage security documentation throughout the system lifecycle in support of FISMA requirements. This includes, but is not limited to: security categorizations, system security plans, privacy impact assessments, contingency plans, configuration management plans, incident response plans, POA&Ms, vulnerability assessment reports, deviation requests, and any other necessary documents to support a system's authority to operate (ATO).
LOCATION: Rockville
JOB STATUS: Full-Time
TRAVEL: Occasional domestic travel
REQUIRED QUALIFICATIONS (Education, Certifications, Experience, Skills)
EDUCATION: BA/BS degree in information systems, computer science, or related fields.
CERTIFICATIONS: The ideal candidate will also have one or more of the following certifications: CISSP, CISM, CEH, CISA, Security+ and/or CAP.
EXPERIENCE LEVEL: 4 years working in the SA&A field and at least 2 years in information systems, computer science, or related fields (may be concurrent).

  • A strong understanding of FISMA and NIST Special Publications, especially NIST SP 800-37 and NIST SP 800-53.
  • Excellent written and oral communication skills; attention to detail is essential.
  • Experience with vulnerability scanning tools, such as Tenable SecurityCenter / Nessus.
  • Working knowledge of DISA STIGs, SCAP content / audit files, and CIS Benchmarks.
  • Understanding of cloud service models (SaaS, PaaS, IaaS) and protections as described in FedRAMP security documentation.
  • Experience reviewing FedRAMP authorization packages and understanding how to ensure customer responsibilities are addressed in accordance with the shared responsibility model.
  • Experience with performing technical architecture reviews of complex systems with a strong understanding of a system's authorization boundary.
  • Hands-on experience with securely deploying / hardening cloud workloads as well as Windows Server and Linux administration.
  • Knowledge of major cloud platforms (Azure / Amazon Web Services [AWS]), virtualization, networking devices (e.g., routers and switches), web services (e.g., IIS, Apache Tomcat), network security appliances (e.g., firewalls, VPNs), databases (e.g., Microsoft SQL), and intrusion prevention / anti-malware software.
  • Knowledge of system and application security threats and vulnerabilities.
  • Proficiency with Microsoft Office applications.
  • Ability to prioritize and complete tasks efficiently and effectively.
  • Comfortable working individually and as part of a team.
  • Scripting ability (e.g., PowerShell, VBA) is a plus.


    • Work closely with all levels of personnel, including system administrators, Information System Security Officers (ISSOs), and Authorizing Official (AO), to support FISMA systems through the Security Assessment & Authorization (SA&A) lifecycle.
    • Assess the confidentiality, integrity, and availability impact levels of information stored, possessed, and transmitted by systems to determine the FIPS 199 security categorization.
    • Develop and maintain system security documentation throughout all phases of the NIST Risk Management Framework (RMF). This includes security categorizations, digital identity risk assessments, system security plans, system policy and procedures, privacy impact assessments, contingency plans, configuration management plans, incident response plans, vulnerability assessment reports, deviation requests, and any other documents necessary to support systems' authorization and continuous monitoring.
    • Analyze risks identified during security control assessments and continuous monitoring activities in accordance with NIST SP 800-30. This includes making a determination regarding the likelihood and impact of the risk being exploited, along with a supporting rationale, and providing recommendations for mitigation/remediation.
    • Perform and document the results of vulnerability scans and configuration compliance checks against configuration standards such as DISA STIGs and CIS Benchmarks.
    • Analyze FedRAMP security packages to document and assess customer responsibility for cloud-based systems.
    • Assist in the review of monthly continuous monitoring deliverables produced by Cloud Service Providers (CSPs) and annual assessments (produced by third-party assessors [3PAOs]) in support of FedRAMP requirements to ensure that cloud services maintain an appropriate risk posture.
    • Create, track, and manage system Plans of Action and Milestones (POA&Ms).
    • Attend project meetings and collaborate with stakeholders to ensure security is addressed throughout the entire system lifecycle.

      Who We Are
      Oasis Systems is a premier provider of customer-driven, cost-effective and quality Engineering Services; Enterprise Systems and Applications; Human Factors Engineering; Information Technology and Cyber Security; Professional Services; and Specialized Engineering Solutions to the Department of Defense, FAA, NRC and other federal agencies.
      We strive to be an exciting and welcoming company that attracts, develops, motivates and retains the most talented, skilled and dedicated people in the industry; where they are encouraged to achieve personal excellence, purpose, and their full potential and career aspirations; while supporting mission-critical national security technologies and programs.
      Oasis Systems is an equal opportunity employer and does not discriminate in hiring or employment on the basis of any legally protected characteristic including, but not limited to, race, color, religion, national origin, marital status, gender, sexual orientation, ancestry, age, medical condition, military veteran status or on the basis of physical handicap which, with reasonable accommodation, render the application to satisfactorily perform the job available
