Job Description
Job Summary:
The Cyber Security Analyst II designs and implements security solutions and capabilities that enable the organization to identify, protect, detect, respond, and recover from cyber threats and vulnerabilities, and develops security integration plans to protect existing and future infrastructure.
Essential Job Functions:
- Defines and develops network security measures using risk assessments, threat models, testing, and analysis of existing systems
- Designs action plans for policy development, system hardening, monitoring, incident response, disaster recovery, and emerging Cyber Security threats
- Utilizes a variety of Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Intrusion Prevention Systems (IPS), and other tools
- Establish and document System Security Plans in accordance with Federal Risk Management Framework (RMF) cybersecurity requirements.
- Coordinate with Government Customers and managers on system security compliance.
- Responsible for maintaining RMF Information System (IS) Authorizations To Operate, conducting periodic reviews to ensure compliance with established policies and procedures. This includes, but is not limited to, ensuring that all software, hardware, and firmware changes are recorded as required by established configuration management policies & procedures.
- Ensure the implementation of security features for the detection of malicious code, viruses, and intruders (hackers), as appropriate.
- Ensure systems are operated, maintained, and disposed of in accordance with applicable governance.
- Assist in performing IS security briefings to authorized individuals prior to those users gaining access to sensitive and/or classified information systems.
- Report all security incidents through the established reporting chain; investigate, document, and report on such incidents; and provide protective and corrective measures in response to them.
Other Job Functions:
- Coordinate and/or lead security reviews and assessments with the customer regarding the applicable system deployment of security controls.
- Coordinate and/or take the lead with the implementation of RMF activities, such as Authorization and Assessment items, including but not limited to documenting and maintaining System Security Plans, Plans of Action and Milestones, and Continuous Monitoring.
- Perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy.
- Coordinate and/or lead in establishing strict program control processes to ensure mitigation of risks and support obtaining authorization and assessment of systems. Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections, and periodic audits.
- Assist and/or lead in performing analyses to validate established security requirements and recommend additional security requirements and safeguards.
- Support multiple security requirements within diverse program environments. Familiar with Personnel Security (PERSEC), Communication Security (COMSEC), Operational Security (OPSEC), security education, conducting security incident investigations, accreditation of secure areas at various levels, and performing access control and physical security responsibilities.
- Provide timely and accurate reporting on threat findings, trends, and incidents to stakeholders and upper management
- Collaborate with cross-functional teams to implement recommended security measures and remediation strategies
- Must understand vulnerabilities and exploits, and have a practical working knowledge of all applicable Federal RMF cybersecurity best practices and mandates.
Qualifications/Education/Experience/Skills:
- Bachelor’s degree in Cyber Security or equivalent area of studies
- 3+ years’ experience in the job functions listed above; 5+ years’ experience may be substituted for a degree
- Certified Information Security Manager (CISM) is preferred
- Understanding of general cybersecurity principles, various technology solutions, and threat actor tactics
- DoD Level 2 IAT/IAE/IAM certification IAW NICE guidelines
Physical Requirements:
The work is mostly sedentary involving frequent telephone communication and preparation of written correspondence. While performing the duties of this job, the employee routinely is required to sit, stand, walk, see, hear, and feel. Occasionally will need to lift and/or move up to 10 pounds. Must be able to interpret data, information, and documents. Can learn and apply new information and/or skills.
Benefits:
Compass Systems, Inc. is a profitable, growing company offering excellent salaries and benefits. We are proud to be an Equal Opportunity Employer and demonstrate our commitment to our employees by offering a competitive and valuable rewards program including 401(k), medical, vision, Rx, dental, short and long-term disability, life insurance and recruitment incentives.
Compass Systems Inc. is an Equal Opportunity Employer, including disability and veteran status. Use of any external recruitment or job placement agency is based upon its compliance with our commitment to equal opportunity and affirmative action.