Information Systems Security Analyst - SCSTC jobs in United States

Systems Automation and Management · 3 weeks ago

Information Systems Security Analyst - SCSTC

Technology, Automation, and Management, Inc. is seeking an Information Systems Security Analyst to enhance the cybersecurity posture and compliance of DoD information systems. The role involves leading Risk Management Framework assessments, conducting security control assessments, and ensuring compliance with federal regulations and best practices.

Information Technology, Professional Services, Software
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Advise and assist the ISSM/ISSO in executing all phases of the RMF process for command systems
Develop Security Assessment Plans (SAP), conduct security categorization reviews, and maintain/update RMF artifacts (e.g., System Security Plans, Security Assessment Reports, Plan of Action & Milestones [POA&Ms], Risk Acceptance Recommendation Reports, Residual Risk Statements)
Prepare comprehensive Security Authorization Packages for Authorizing Officials
Conduct security control assessments, vulnerability analyses, remediation reporting, and maintain accurate tracking of status and documentation
Execute recurring inspections, technical reviews, and audits of system/network controls
Ensure compliance with DoD RMF, NIST SP 800-53, NIST SP 800-171, DISA STIGs, and DFARS 252.204-7012
Review, document, and enhance IA protective and corrective measures; maintain vulnerability remediation and asset management (VRAM) records
Support and track site visits, inspections, system accreditations, and implement corrective actions based on network scan analysis
Monitor network/system activity and logs for threats and anomalies
Lead or support incident response: containment, remediation, analysis, and reporting/escalation to appropriate authorities
Ensure reporting of cyber incidents and support compliance with DoD notification and investigative protocols
Embed security engineering principles into all network, system, and application design and configuration changes
Provide technical recommendations for system hardening and mitigation of emerging threats
Contribute to secure acquisitions, IT supply chain risk management, and assessments of new or emerging technologies for security impact
Prepare and maintain technical documentation, status reports, executive briefings, and CDRL deliverables (SAP, SAR, POA&M, etc.)
Participate in cybersecurity meetings, provide technical consultation to leadership, and prepare minutes/trip reports when required
Translate business and operational requirements into actionable cybersecurity solutions
Promote continuous process improvement, develop SOPs, and ensure security architecture aligns with mission objectives

Qualification

RMF Assessment & Authorization, NIST SP 800-53, Incident Response, Security Engineering, Vulnerability Analysis, Cybersecurity Compliance, Technical Documentation, Soft Skills

Required

Experience with Risk Management Framework (RMF) Assessment & Authorization
Ability to develop Security Assessment Plans (SAP) and conduct security categorization reviews
Experience maintaining/updating RMF artifacts such as System Security Plans, Security Assessment Reports, and Plan of Action & Milestones (POA&Ms)
Ability to prepare comprehensive Security Authorization Packages for Authorizing Officials
Experience conducting security control assessments and vulnerability analyses
Knowledge of compliance with DoD RMF, NIST SP 800-53, NIST SP 800-171, DISA STIGs, and DFARS 252.204-7012
Experience executing recurring inspections, technical reviews, and audits of system/network controls
Ability to monitor network/system activity and logs for threats and anomalies
Experience leading or supporting incident response activities including containment, remediation, analysis, and reporting
Knowledge of security engineering principles and system hardening techniques
Experience preparing and maintaining technical documentation and status reports
Ability to translate business and operational requirements into actionable cybersecurity solutions

Company

Systems Automation and Management

Systems Automation and Management (SAM) is a dynamic business with offices in Gauteng, KwaZulu Natal, Northern Province and West Coast locally as well as internationally in Denmark.

Funding

Current Stage
Early Stage
Company data provided by crunchbase