Unissant · 7 hours ago

Cyber Security Analyst

San Antonio, TX

Full-time

Remote

Mid, Senior Level

5+ years exp

Maximize your interview chances

Health CareInformation Services

No H1B

Insider Connection @Unissant

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Assist the ISSM with development, review and management of Cybersecurity documentation (e.g. System Authorization Plans, Categorization Memos, Plan of Action and Milestones (POA&M), hardware & software lists, boundary diagrams), and work with the vendors to ensure compliance requirements are met with the focus of achieving Authorization to Operate (ATO) for all packages.

Assist the ISSM in ensuring compliance with 8582.01 controls to make certain system remains in a secure state throughout the system lifecycle.

Assist the ISSM in confirming the validity of hardware and software lists, architecture diagram and resolution of findings through remediation/mitigation statements in the system POA&M to ensure system remains in a secure state throughout the system lifecycle.

Work with the ISSM to assess configuration changes and to determine overall impact to the security posture of the system.

Work with the ISSM to analyze system administrator generated vulnerability scans from various tools (e.g. Automated Compliance Assessment Solution (ACAS), Host Based System Security (HBSS), Security Content Automation Protocol (SCAP), Nessus) and review Security Technical Implementation Guides (STIGS) and checklists to provide vulnerability assessments at the system level.

Utilize reporting tools (e.g. Enterprise Mission Assurance Support Services (eMASS) and Continuous Monitoring and Risk Scoring (CMRS)) for the documentation and evidence of assessment results for each system.

Perform other duties as required by management.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

CISSPCISACASP CENISTRisk Management FrameworkFedRAMPIP networkingHBSSACASSCAPEncryptionIPsecPKIVPNsFirewallsProxy servicesDNSElectronic mailAccess-listsMicrosoft OfficeReport writingLogical reasoningForensic approachVulnerability assessmentDeadline management

Required

DoD-approved cybersecurity workforce certification per DoD 8570.01-M (e.g. CISSP, CISA, CASP CE) and five or more years cybersecurity experience.

Experience assessing new security laws, policies, and standards in the federal government to determine program-level impact.

Technical knowledge of National Institute of Standards and Technology (NIST), Risk Management Framework (RMF), Federal Risk and Authorization Management Program (FedRAMP) with a solid understanding of cloud deployment, security policy requirements and assessments, and service models as defined by the NIST.

Understanding of IP networking, networking protocols and security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists.

In depth knowledge of security hardening, assessment and reporting tools (e.g. HBSS, ACAS, SCAP etc.) with the ability to assess and provide appropriate feedback for external audits and remediation plans.

A solid understanding of Microsoft Office suite, especially Word.

Bachelor's Degree is required.

This position requires the candidate to be a United States Citizen and capable of obtaining an IT-2 position of Public Trust.

Excellent verbal and writing skills.

Demonstrated experience communicating effectively across internal and external organizations.