Address
Form of workJob Description
General Summary:
Mount Indie is looking or a Cyber Analyst/ISSO to perform cloud-based system comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls in accordance with NIST 800-53.
Principal Duties and Responsibilities (*Essential Functions):
- Review RMF Packages for completeness and technical accuracy.
- Review and evaluate the effects on security of system changes, including interfaces with other ISs and documents all changes.
- Ensure that all ISs within their area of responsibility have received a current ATO.
- Complete eMass updates, ATO boundaries, deviations, POA&M documentation
- Assess the current Cyber Security posture and identify mitigations for risks
- Review existing documentation and perform edits to ensure the applicable controls are met to support acquisition decisions, program office requirements, and contracts. If documentation does not exist, create the correct policies, procedures, and artifacts to ensure applicable controls are met.
- Ensure system vulnerabilities are properly documented in the Plan of Action and Milestones (POA&M).
- Conduct vulnerability scans, identify the correct applicable Security Technical Implementation Guide (STIG) checklists for each system, determine the compliance status for each identified STIG, conduct RMF Control validation, and review a variety of DOD, Army, RMF and NIST documentation. This includes the SP, CMP, COOP, and other A&A artifacts to assess the cybersecurity posture of subject systems.
- Execute technical evaluation for compliance with Security Technical Implementation Guides (STIGs) and other applicable requirements.
- Review and provide assessments of all DoD Risk Management Framework (RMF) artifacts and associated documents.
- Expertise knowledge in running and validating cybersecurity tools that include, but are not limited to, the eMASS, Security Content Automation Protocol Compliance Checker (SCC), Assured Compliance Assessment Solution (ACAS)/Nessus, and STIG Viewer.
Required Qualifications
- Associates Degree or a Bachelors Degree in related field, or equivalent experience.
- Minimum of 3 related certifications may be used in place of unrelated degree field.
- Minimum of 8 years to 10 years of work related experience.
- Strong written and verbal communication skills.
- eMASS, STIG, ACAS experience
- RMF & accreditation experience
- Current and active Security +CE certification or equiv/higher
- US Citizenship Required; DoD Secret security clearance required
Preferred Qualifications
- CISSP/CISM certification
- CCSP certification
- Cloud based system knowledge and accreditation experience
- Cloud related certification
