DecisionPoint Corporation

Cybersecurity Analyst

full-time

Origin: 🇺🇸 United States • Virginia


Job Level

Mid-Level, Senior

Tech Stack

Azure, Cloud, Cyber Security, PMP

About the role

  • Support system A&A activities, including pre-assessment control reviews, artifact gathering, system security plan updates, and documentation review for migrated website and other OIG systems and applications.
  • Support creation and maintenance of OIG FedRAMP cloud solutions documentation.
  • Perform security control reviews of OIG facilities, systems, and applications to support continuous monitoring and annual reviews; identify and track findings in POA&Ms.
  • Support and initiate the incident response process in accordance with guidelines; assist System Owner and support staff with advice, guidance, and templates.
  • Support annual incident response and contingency plan training and testing activities.
  • Review system and application configuration settings using automated and manual methods; complete vulnerability scanning of all assets.
  • Compile data to assist remediation activities; coordinate with system administrators to implement corrective actions and develop POA&Ms for outstanding risks.
  • Coordinate with system administrators and application/database support to research and resolve security concerns and revise documentation.
  • Assist in the preparation of official memorandums such as CIO risk acceptance, POA&Ms, and appointment letters.
  • Research user questions and requests; make recommendations based on Department and OIG policy; complete file transfer requests per federal and Department of State guidance.
  • Assist in compiling data to support data calls and quarterly FISMA reporting.
  • Support the configuration management process through preliminary security impact analyses.
  • Track user cybersecurity awareness training and rules of behavior agreements; monitor the Department continuous monitoring system and coordinate corrective actions.
  • Provide detailed weekly status reports.

Requirements

  • Active Secret Clearance required.
  • 5-7 years of Federal government knowledge and experience in applying and implementing the NIST Risk Management Framework and Special Publications 800-53, 800-37; FedRAMP, NIST Cybersecurity Framework, and other FISMA requirements.
  • Experience in configuring and running vulnerability and configuration compliance (SCAP) scans, troubleshooting issues, and analyzing data to identify trends and recommend remediation actions.
  • Complete understanding of Department of Homeland Security Continuous Diagnostics and Mitigation (DHS CDM) program requirements and implementation requirements at a general level.
  • Experience in host-based and network-based security tools, analyzing alerts, and initiating the incident response process, working with operations team and management to analyze and categorize level of threat.
  • Experience working with security information management (SIM) and/or security information and event management (SIEM), user behavior analytics (UBA), and anti-malware tools.
  • Experience with cloud hosted infrastructure and applications environments such as Microsoft Office 365 and Microsoft Azure.
  • Understanding of threats specifically related to mobile users and mobile devices.
  • Experience in researching different types of technical security threats and recommending mitigating actions.
  • Proficient in writing and maintaining system security plans, information security policies, and official memorandums intended for executive leadership.
  • Familiar with use of Information Technology Infrastructure Library (ITIL), Capability Maturity Model Integration (CMMI), and/or Project Management Professional (PMP) processes.
  • Desired: Certified Information Systems Security Professional/Certified Information Security Manager (CISSP/CISM); PMP.