SECURITY ANALYST (INFOSEC - LEVEL IV) jobs in United States

NAVY EXCHANGE SERVICE COMMAND (NEXCOM) · 1 month ago

SECURITY ANALYST (INFOSEC - LEVEL IV)

Navy Exchange Service Command (NEXCOM) is seeking a Senior Information Security Analyst to develop, maintain, and support NEXCOM's Information Assurance program. The role includes performing security assessments, maintaining compliance with cybersecurity policies, and mentoring lower-level analysts.

Information Technology
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Serves as mentor providing instruction and guidance to lower level InfoSec Analysts
Excellent analytical and problem solving skills
Maintaining and tracking IAVM program compliance
Review and document security assessments of computing environments through the SSR process to identify points of vulnerability and non-compliance with established Information Assurance (IA) standards and regulations
Track FISMA Contingency Plan testing compliance
Assist CSWF-PM with maintaining and tracking CSWF program compliance
Perform quarterly audit reviews and reporting
Expert with compliance and regulatory requirements such as DIACAP, RMF, PCI, PII, SOX
Complete weekly metric reports for Code IS
Analyze STIG and ACAS reports and advise system administrators on acceptable mitigation measures
Compile all required artifacts for DIACAP and RMF Authorization packages and work through obtaining an Authorization to Operate
Ensure security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate authorized representative
Perform data security assessments including applications, servers, databases, and other network components and associated processes against the PCI DSS standards to identify areas of non-compliance
Process and authorize NEXCOM system access through SAAR and PAA agreements
Provide system related input on IA security requirements to be included in statements of work and other appropriate procurement documents
Performs other related duties as assigned

Qualification

DIACAP, RMF, CISSP, CISM, CAP, Cybersecurity Compliance, Security Assessments, FISMA, Data Security Assessments, Analytical Skills, Problem Solving, Communication Skills, Mentoring

Required

U.S. Citizenship
Excellent analytical and problem solving skills
Maintaining and tracking IAVM program compliance
Review and document security assessments of computing environments through the SSR process to identify points of vulnerability and non-compliance with established Information Assurance (IA) standards and regulations
Track FISMA Contingency Plan testing compliance
Assist CSWF-PM with maintaining and tracking CSWF program compliance
Perform quarterly audit reviews and reporting
Expert with compliance and regulatory requirements such as DIACAP, RMF, PCI, PII, SOX
Complete weekly metric reports for Code IS
Analyze STIG and ACAS reports and advise system administrators on acceptable mitigation measures
Compile all required artifacts for DIACAP and RMF Authorization packages and work through obtaining an Authorization to Operate
Ensure security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate authorized representative
Perform data security assessments including applications, servers, databases, and other network components and associated processes against the PCI DSS standards to identify areas of non-compliance
Process and authorize NEXCOM system access through SAAR and PAA agreements
Provide system related input on IA security requirements to be included in statements of work and other appropriate procurement documents
Earn and maintain appropriate credentials from the Cyber IT/CSWF Qualification Matrix associated with the specialty area and level commensurate with the scope of major assigned duties for the position
Participate annually in 40 hours of continuous learning (CL) activities to be documented in a current individual development plan (IDP) signed by both the employee and supervisor
Graduate Degree from accredited University or CNSSI 4012 Senior Systems Manager or Certification (at least one of the following): Certified Authorization Professional (CAP), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP), GIAC Security Leadership Certification (GSLC)
A total of 7 years of experience, consisting of: GENERAL EXPERIENCE: Three years of experience performing certification and accreditation work
SPECIALIZED EXPERIENCE: Four years of experience in at least two of the following: Security control assessments and reports; Research and analysis of cybersecurity policy; IT security compliance and reporting; System risk analysis; Drafting DIACAP/RMF Authorization packages; or one year experience at the next lowest level of this position
This position is designated IT-1 (Critical - Sensitive) in accordance with SECNAV M-5510.30 and will require a favorable Single Scope Background Investigation (SSBI)
Candidates must be eligible for and obtain a Top Secret Clearance, within 6 months of appointment. Failure to obtain will result in termination
Candidates must be eligible for and obtain a Secret Clearance, within 6 months of appointment. Failure to obtain will result in termination

Company

NAVY EXCHANGE SERVICE COMMAND (NEXCOM)

The Navy Exchange Service Command (NEXCOM) Enterprise encompasses six business lines, boasting a workforce of more than 14,000 associates located around the globe.

Funding

Current Stage
Late Stage

Leadership Team

John Best
SVP Chief Financial Officer
Alan Conway
SVP & CIO
Company data provided by crunchbase