NAVY EXCHANGE SERVICE COMMAND (NEXCOM)
SECURITY ANALYST (INFOSEC - LEVEL IV)
Navy Exchange Service Command (NEXCOM) is seeking a Senior Information Security Analyst to develop, maintain, and support its Information Assurance program. The role involves performing security assessments, maintaining compliance with cybersecurity policies, and mentoring lower-level analysts.
Information Technology
Responsibilities
Serves as a mentor, providing instruction and guidance to lower-level InfoSec Analysts
Excellent analytical and problem-solving skills
Maintaining and tracking IAVM program compliance
Review and document security assessments of computing environments through the SSR process to identify points of vulnerability and non-compliance with established Information Assurance (IA) standards and regulations
Track FISMA Contingency Plan testing compliance
Assist CSWF-PM with maintaining and tracking CSWF program compliance
Perform quarterly audit reviews and reporting
Expert with compliance and regulatory requirements such as DIACAP, RMF, PCI, PII, SOX
Complete weekly metric reports for Code IS
Analyze STIG and ACAS reports and advise system administrators on acceptable mitigation measures
Compile all required artifacts for DIACAP and RMF Authorization packages and work through obtaining an Authorization to Operate
Ensure security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate authorized representative
Perform data security assessments including applications, servers, databases, and other network components and associated processes against the PCI DSS standards to identify areas of non-compliance
Process and authorize NEXCOM system access through SAAR and PAA agreements
Provide system-related input on IA security requirements to be included in statements of work and other appropriate procurement documents
Performs other related duties as assigned
Qualifications
Required
U.S. Citizenship
Earn and maintain appropriate credentials from the Cyber IT/CSWF Qualification Matrix associated with the specialty area and level commensurate with the scope of major assigned duties for the position to which you are assigned
Participate annually in 40 hours of continuous learning (CL) activities to be documented in a current individual development plan (IDP) signed by both the employee and supervisor
Graduate degree from an accredited university, or CNSSI 4012 Senior Systems Manager, or at least one of the following certifications: Certified Authorization Professional (CAP), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP), GIAC Security Leadership Certification (GSLC)
A total of 7 years of experience, consisting of 3 years of general experience performing certification and accreditation work and 4 years of specialized experience in at least two of the following: Security control assessments and reports; Research and analysis of cybersecurity policy; IT security compliance and reporting; System risk analysis; Drafting DIACAP/RMF Authorization packages
Company
NAVY EXCHANGE SERVICE COMMAND (NEXCOM)
The Navy Exchange Service Command (NEXCOM) Enterprise encompasses six business lines, boasting a workforce of more than 14,000 associates located around the globe.
Funding
Current Stage: Late Stage