Cherokee Federal · 10 hours ago
Cyber Security Analyst
United States
Full-time
Remote
Senior Level, Lead/Staff
$135K/yr - $151K/yr
10+ years expCherokee Federal is a division of tribally owned federal contracting companies focused on solving complex challenges for federal clients. The Senior Maritime Cybersecurity Analyst provides expert cybersecurity support to the MARAD Information Assurance Program, managing security documentation and compliance with federal and maritime cybersecurity requirements.
GovernmentNon ProfitProfessional ServicesPublic Relations
No H1B
Security Clearance RequiredU.S. Citizen Only
Responsibilities
Provide support to the MARAD Information Assurance Program for operations, business and administrative in support of the System Authorization Process and deliverables as defined in this document. Direct involvement with MARAD Program Office and the Information System Security Manager (ISSM) on cybersecurity and authority to operate (ATO) matters related to information systems supporting the MARAD CIO. Background on Network Architecture, hardware, software, contingency planning and disaster recovery required. Maritime background desired. Analyst will provide support for 3-4 systems depending on system level (Low, Moderate or High) and the current state of compliance of each system’s ATO
Manage MARAD’s Information System’s core documentation, in accordance with each phase of the system engineering process / System Development Life Cycle (SDLC) with standardized templates, baseline management with supporting checklists and technical guides, including but not limited to the DOT Security Authorization and Continuous Monitoring Guide, Weakness Guide and other Core Documents include: o Provide information system data for Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and System of Record Notices (SORNs). This includes interfacing/coordinating with the System Owner (SO) that originates/has responsibility for the document to ensure the PIA/PTA/SORN contains appropriate information to be approved/adjudicated by DOT Privacy Office for inclusion in System Authorization package
Support creation/update of FIPS 199 Security Categorization document; ensure information type(s) and special considerations (if applicable) are defined
Support creation/update security control selection listing (include justification for applicable tailor and or risk acceptance)
Support creation/update System Security Plan (SSP); ensure discovered and identified system components, control implementation status are addressed. o
Support creation/update Information System Configuration Management Plan. o
Support creation/update Information System Account Management Plan. o
Support creation/update Audit Log Monitoring Plan o Develop and Maintain Inventory of Information System Interconnections and review, Develop / update Interconnection Security Agreements and MOUs in accordance with NIST 800-47
Support creation/update Risk Assessment and relevant impact rating pertaining within the scope of this statement of work
Assist the Information System Owner (ISO), Business Sponsor, and Information System Security Manager (ISSM) in recording all known security weaknesses of assigned information systems in the Plans of Action and Milestones (POA&M’s) in accordance with DOT policy, guides and procedures
Develop Draft Plan of Action and Milestones (POA&M) for observed control level deficiencies or gaps control implementation(s) in accordance with DOT policy, guides and procedures
Support the information system contingency planning process in accordance with NIST SP 800-34 Revision (Current), Guide to Test, Training and Exercise Programs for MARAD information and ensure contingency plan test exercise results are documented in an after-action report, and Lessons Learned corrective actions are captured for updating information in the Information Systems Contingency Plan (ISCP)
Assist in security incident response, risk mitigation, and compliance reporting
Performs other job-related duties as assigned
Qualification
Required
Active Public Trust clearance or the ability to obtain a Public Trust clearance
Prior US Navy or Coastguard Maritime Cyber Security Experience
10+ years of experience in cybersecurity, with expertise in maritime/vessel cybersecurity, IT/OT security, and federal cybersecurity policies
Strong knowledge of NIST RMF, NIST Cybersecurity Framework (CSF), FISMA, and Navy or U.S. Coast Guard Maritime Organization cybersecurity requirements
Experience with Continuous Diagnostics and Mitigation (CDM), Information Security Continuous Monitoring (ISCM), and Identity, Credential, and Access Management (ICAM)
Proven ability to lead cybersecurity assessments, compliance audits, and risk management activities
Understanding of the principles, methods, and tools of quality assurance and quality control used to ensure a product fulfills functional requirements and standards
Proficiency in Microsoft Office Suite, Power BI, Tableau, and SharePoint
Must pass pre-employment qualifications of Cherokee Federal
Benefits
Medical
Dental
Vision
401K
Other possible benefits as provided
Company
Cherokee Federal
Cherokee Federal, a division of Cherokee Nation Businesses, is a trusted team of government contracting professionals who can rapidly build innovative solutions.
5001-10000 employees
Funding
Current Stage
Late StageLeadership Team
Clint Bickett
Chief Operating Officer
Charity Mackenzie
Executive Staff Coordinator to VP of HR and CIO
Recent News
2025-11-18
2025-09-02
Company data provided by crunchbase