cFocus Software Incorporated · 3 hours ago

SME Information Security Analyst - TS/SCI Required

USA

Full-time

Remote

Senior Level, Lead/Staff

10+ years exp

Maximize your interview chances

ChatbotGovernment

Growth Opportunities

No H1B

Security Clearance Required

Insider Connection @cFocus Software Incorporated

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Responsible for leading the RMF assessment, authorization, and monitoring steps for systems following NIST and ICD 503 standards and best practices.

Maintain ongoing knowledge of Federal policies and practices related to cyber security

Participate in the RMF process providing Authorization and Assessment (A&A) support to include the review of risk trade off analysis required to recommend risk acceptance and authorization decisions.

Support all activities to maintain security authorization of each system, which include but are not limited to: monitoring status of POA&Ms until closure, annual assessments, continuous monitoring, and (future) ongoing authorization activities as required by DHS policy.

Perform impact analysis of the requirements through evidence-based reasoning and risk management needed to create and maintain a defensible security posture for the program.

The Contractor may be required to perform assessments for two or more different systems simultaneously

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Active TS/SCI clearanceCASP+ certificationCySA+ certificationCISSP certificationSecurity controls experienceRisk managementVulnerability managementEMASSCSAMXactaArchitecture security expertiseNetwork security expertiseInfrastructure security expertiseCloud security expertiseReverse EngineeringComputer ForensicsIncident ResponseVulnerability AssessmentPenetration TestingSaaSPaaSIaaSAWSKubernetesDockerLinuxWindows

Required

Active TS/SCI clearance

10+ years of proven experience performing security controls.

Active CASP+, CySA+, or CISSP certification

Possess excellent verbal and written communication skills; have knowledge, skills, abilities, and experience with common assessment & authorization (A&A) application platforms (e.g. eMASS, CSAM, Xacta is preferred) for performing tasks in Section 6.3. and strong architecture, network and infrastructure security, or next gen security expertise (agile/hybrid agile, cloud).

The SME Information Security Analyst must have extensive experience working with various security methodologies and processes, compliance controls related to cloud security, performing assessments in cloud computing environment, extensive experience providing analysis and trending of vulnerability data from a large number of heterogeneous devices, and must possess expert knowledge in risk and vulnerability management.

10+ years of experience with Reverse Engineering, Computer Forensics, Adversarial Emulations, Incident Response, Vulnerability Assessment and Management, Risk and Threat Mitigation, and Penetration Testing

10+ years of technical experience using concepts such as (SaaS, PaaS, & IaaS)

10+ years of experience working with AWS, Kubernetes, Dockers, Linux, Windows