A Cybersecurity Analyst IV oversees cybersecurity tasks in monitoring information systems and securing the Information Technology (IT) infrastructure operational environment to include developing and updating system security plans (SSPs), developing plans of action and milestones (POA&Ms), managing and controlling changes to the systems, conducting audits, providing incident response, vulnerability assessments, and assessing the security impact of security and non-security-relevant changes. Work is at an advanced level, involving oversite of deadlines, and cybersecurity engineering support for members of development, sustainment, or operations and maintenance team.
Employee will be responsible to perform the following functions/duties:
Provide direction and guidance to a team of junior to senior level cyber security experts responsible for the cybersecurity operations of complex networked and standalone IT systems
Keep informed of currently approved standards, codes, and procedures applied to cybersecurity specialty
Oversee multiple system packages throughout the Authorization to Operate (ATO) process
Maintain overall schedule and track all ATOs in development and in Continuous Monitoring (CONMON) stage
Provide technical expertise and mentoring to other members of the cybersecurity team to accomplish assigned tasks
Interface with senior government and JT4 leadership to keep them up-to date on the progress and status of ATOs and security posture of IT systems
Be primary interface between the Authorizing Official (AO) and the Security Control Assessor (SCA) for coordination of ATO packages
Conduct research and reference reading in obtaining technical information
Perform systems engineering activities in the areas of Cybersecurity / Information Assurance (IA) / System Security Engineering (SSE) and security assessment and authorization (A&A) in accordance with NIST SP 800-53 RMF
Apply risk management concepts to mitigate vulnerabilities in system security architectures
Interface with the Information System Security Manager (ISSM), program managers, system stakeholders, and external contractors to coordinate cybersecurity requirements and architecture flow down from the system level to individual elements of the system
Assist in preparation of reports, correspondence, or technical studies
Perform other job-related duties, as required
A master’s degree in Computer / Information Technology, or equivalent academic/technical training/certification;
10+ years of experience in computer systems security with 5 years of management experience, and/or related area of expertise; DoD 8570.01-M IAM level II and IASAE level II compliance;
Cybersecurity Service Provider certifications within DoD 8570.01-M within the designated timeframe upon hire date; and a minimum of the following certifications: CISM, CISSP, GSLC, or CCISO are required for this position
Additional desired certifications: CEH (Master) or CERP and Project Management Professional (PMP)
In addition, an Cybersecurity Analyst IV must possess the following qualifications:
Subject matter expert-level experience supporting various system configurations such as standalone, local area networks (LANs), and wide area networks (WANs)
Demonstrated experience with Risk Management Framework (RMF) process, eMASS, ACAS, SCAP, STIG, Cyber Risk Assessments (CRA), Cyber Table top (CTT) or related process
Robust conceptual and practical understanding of IT Infrastructure designs, technologies, products, and services
Demonstrated experience formulating and/or interpreting cyber threat analysis of adversary techniques, tactics, and procedures used to disrupt computer networks
Excellent written and verbal communication skills, analytical ability, judgment, and the ability to work effectively with the customer and Cybersecurity Engineering Support Team
Demonstrated experience with planning, designing, executing, and assessing discussion-based exercises
Demonstrated ability to plan, organize, and work under strict deadlines