Apply on Employer Site

Amentum · 5 months ago

Cybersecurity Systems Analyst - Senior

San Diego, CA

Full-time

Onsite

Senior Level, Lead/Staff

$100K/yr - $104K/yr

8+ years exp

Amentum is a company focused on cybersecurity solutions, and they are seeking a Senior Cybersecurity Systems Analyst. The role involves conducting assessments and authorizations, advising on risk management frameworks, and ensuring compliance with cybersecurity regulations for various military commands.

Mechanical EngineeringSecurityTechnical Support

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Tracks A&A status of SIE governed ISs. Ensures these artifacts and documentation are available in the USSOCOM-chosen automated tool

Mentation of cybersecurity requirements

Provide DoD & IC RMF subject matter expertise to USSOCOM, its Component Commands, TSOCs, deployed forces and their delegates, including other Contractors, and assist with the development and execution of the RMF program at USSOCOM, its Component Commands, TSOCs, and deployed forces

Maintain, track, and validate DISN, cloud and DIA connection approval packages, including those from USSOCOM, its Component Commands, TSOCs, and other subordinate organizations

Develop and maintain supporting documentation for new and existing networks, cloud environments, information systems and technologies as they are introduced into the SIE

Develop and review the A&A of SIE networks, cloud environments, systems, services, telecommunication circuits, mobile devices, portable electronic devices, hardware, and software using the DoD & IC RMF to obtain an Authority to Operate (ATO), Interim Authority to Test (IATT), or Authority to Connect (ATC)

Perform risk and vulnerability assessments of IT and IS for authorization; prepare risk assessment reports for submission to the SCA and Authorizing Official/Designated Authorizing Official/Designated Accrediting Authority (AO/DAO/DAA) in accordance with DoD, DIA, USCYBERCOM, USSOCOM, Component Command, TSOC, and deployed forces’ policies, procedures, and regulations

Assist USSOCOM, its Component Commands, TSOCs and deployed forces with the enforcement of A&A, as well as DoD, DIA, USSOCOM, Component Command, TSOC, and deployed forces’ connection standards for networks and systems

Track and maintain A&A databases, web sites and tools to ensure that networks, systems and devices are properly documented and managed from a cybersecurity perspective

Track and report to higher headquarters organizations (e.g. USCYBERCOM, DIA) compliance with applicable Cybersecurity regulations and directives

Ensure timely notifications are made to responsible individuals and organizations in order to prevent lapses in accreditations (e.g., 30, 60, and 90 day notices)

Develop and maintain an Information Security Continuous Monitoring (ISCM) Plan. This plan shall address ongoing awareness of information security, vulnerabilities, security controls, and threats to support organizational risk management decisions

Identify, assess, and advise on cybersecurity control compliance and associated risks

Coordinate with USCYBERCOM, DoD, DIA, NSA, DISA, and subordinate organizations to support the resolution of issues with security, A&A, connection approvals, and waiver requests

Perform network, cloud, information systems, hardware, software and device security authorization and assessments, as well as the application and execution of policy, including project management support services

Validate the patching of systems, perform validation scanning, develop Plans of Action & Milestone (POA&Ms), and report as directed by applicable policies, procedures, and regulations

Provide subject matter expertise for COA development and the implementation of Cybersecurity mitigation strategies

Develop and implement required processes, procedures, and capabilities to mitigate vulnerabilities and weaknesses for software and hardware deployment

Identify, implement and validate continued effectiveness of key performance parameters and applied security measures

Perform analytics on cybersecurity posture and provide reports to the AO/DAO and applicable stakeholders as required per ISCM and AO/DAO direction

Qualification

Risk Management FrameworkNIST 800-53 complianceCybersecurity assessmentsDoD 8570.01-M certificationVulnerability assessmentsNetwork securityMicrosoft operating systemsLinux operating systemsDatabase managementCommunication skillsInterpersonal skillsProject managementTechnical writingTeam collaboration

Required

Performs assessment and authorization coordination

Advises and assists the customer with Risk Management Framework (RMF) and develops a Plan of Action and Milestones for resolving network deficiencies in accordance with DODI 8510.01 and ICD 503

Assessing network compliance against controls listed in NIST 800-53 and creating A&A packages

Performs assessment, compliance, and validation of IT systems to support the Cybersecurity program at USSOCOM, its Component Commands, TSOCs, and deployed forces

Execute a comprehensive assessment, compliance and validation of customer networks to ensure compliance with regulations and security and standards

Ensure the integrity of customer systems by identifying and mitigating potential shortcomings and vulnerabilities

Advise USSOCOM, its Component Commands, TSOCs, and deployed forces on network and system risks, risk mitigation courses of action, and operational

Perform security evaluations and vulnerability assessments using the DOD Assured Compliance Assessment Solution (ACAS), Nessus vulnerability scanning tool and Security Content Automation Protocol tool

Identify applicable STIGs and perform assessments using the Security Content Automation Protocol tool

Liaison with network and system administrators to correct identified deficiencies

Scan (or review scans) for new systems and applications being introduced into the SOF environment, identify issues, and draft certification letters for the government

Liaison with the Site Integration Facility (SIF) to ensure systems and application meet the standards in the DISA Security Technical Implementation Guides (STIG)

Knowledgeable of cyber network defense tools such as end point security, SIEM, comply to connect, etc

Tracks A&A status of SIE governed ISs

Ensures these artifacts and documentation are available in the USSOCOM-chosen automated tool

Provide DoD & IC RMF subject matter expertise to USSOCOM, its Component Commands, TSOCs, deployed forces and their delegates

Assist with the development and execution of the RMF program at USSOCOM, its Component Commands, TSOCs, and deployed forces

Maintain, track, and validate DISN, cloud and DIA connection approval packages

Develop and maintain supporting documentation for new and existing networks, cloud environments, information systems and technologies

Perform risk and vulnerability assessments of IT and IS for authorization

Prepare risk assessment reports for submission to the SCA and Authorizing Official/Designated Authorizing Official/Designated Accrediting Authority (AO/DAO/DAA)

Assist USSOCOM, its Component Commands, TSOCs and deployed forces with the enforcement of A&A

Track and maintain A&A databases, web sites and tools to ensure that networks, systems and devices are properly documented and managed from a cybersecurity perspective

Track and report to higher headquarters organizations (e.g. USCYBERCOM, DIA) compliance with applicable Cybersecurity regulations and directives

Ensure timely notifications are made to responsible individuals and organizations in order to prevent lapses in accreditations

Develop and maintain an Information Security Continuous Monitoring (ISCM) Plan

Identify, assess, and advise on cybersecurity control compliance and associated risks

Coordinate with USCYBERCOM, DoD, DIA, NSA, DISA, and subordinate organizations to support the resolution of issues with security, A&A, connection approvals, and waiver requests

Perform network, cloud, information systems, hardware, software and device security authorization and assessments

Validate the patching of systems, perform validation scanning, develop Plans of Action & Milestone (POA&Ms), and report as directed by applicable policies, procedures, and regulations

Provide subject matter expertise for COA development and the implementation of Cybersecurity mitigation strategies

Develop and implement required processes, procedures, and capabilities to mitigate vulnerabilities and weaknesses for software and hardware deployment

Identify, implement and validate continued effectiveness of key performance parameters and applied security measures

Perform analytics on cybersecurity posture and provide reports to the AO/DAO and applicable stakeholders as required per ISCM and AO/DAO direction

Experience with the US Combatant Commands (USCENTCOM/USSOCOM) is desired

Technical background with system administration experience, architecture and engineering preferred

Technical background in networking, identity management, Microsoft and Linux operating systems, database, and mobility

Working knowledge of the RMF

Knowledge of the Telos Xacta or Enterprise Mission Assurance Support Services (eMASS) system is desired

Must have excellent communications skill (written and oral) and interpersonal skills

Knowledge and experience with DoD IA processes and policies (e.g., DODI 8510.01, NIST, CNSS and other cybersecurity policies)

Active TS/SCI clearance required

Years Of Experience Required: 8+ yrs

Education Required: BA/BS