Amentum
Cybersecurity Analyst
Amentum, Mc Lean, Virginia, us, 22107
This role with perform assessment and authorization (A&A) efforts under the NIST Risk Management Framework (RMF) on behalf of a federal civilian agency as a contractor. The role will conduct cybersecurity analysis in preparation for A&A reviewing and validation of all associated cybersecurity documentation and technical controls.
The role will work within a team that conducts A&A activities. This individual will develop System Security Plans (SSP), Contingency Plans, Business Impact Analyses (BIA), Plan of Action and Milestones (POA&Ms), Security Assessment Report (SARs), Security Assessment Plan (SAPs), and other documentation.
This position covers all cybersecurity aspects including, but not limited to, identifying risks, validating the mitigation of plans of action, analyzing system designs, and assisting with A&A issues that may prevent a system from receiving authorization. It supports the implementation of RMF by developing documentation and updating policies, procedures, and processes as assigned.
Assesses and mitigates system security threats/risks throughout the program life cycle. Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations. Creates and reviews A&A Body of Evidence documentation, providing feedback on completeness and compliance of its content. Develops and executes Security Test Plan (STP) in close cooperation with team members.
Responsibilities and Duties:
• Identify key stakeholders in A&A efforts and ensure system documentation reflects current system security configurations to include hardware and software components, data flow, interconnections, and ports, protocols, and services, etc.
• Identify potential risks associated with system configurations and advise on mitigation strategies
• Participate in A&A status meetings and facilitate moving systems toward a successful A&A effort
• Assist to estimate Level of Effort (LOE) involved in performing A&A activities
• Assist customer program offices in interpreting and applying mitigation strategies
• Conduct thorough reviews of all vulnerabilities, architecture, and defense in depth strategies and report findings in POA&Ms document
• Document residual risks and provide the cybersecurity risk analysis and mitigation determination results
• Maintain cybersecurity policy and processes as assigned
• Able to analyze, interpret, and apply Federal cybersecurity guidance to customer needs
• Communicate the security posture of systems through designated reporting mechanism
• Collaborate with other team members in cybersecurity
Required Skills:
US Citizenship Required
Must have the ability to obtain a Public Trust Clearance prior to starting work
• 5+ years of experience in the following areas: Cybersecurity policy, procedures, and processes, including RMF and NIST 800-53 and A&A's
• Experience developing A&A documentation from scratch and performing assessments; RMF step 1 through 4
• Familiar with NIST publications, specifically RMF and NIST controls
• One or more of the following certifications preferred (Security+, CAP, CISSP, CISM, GSEC, GCIH, or GSLC)
• Familiar with dealing with defense-in-depth, and other information security and assurance principles and associated supporting technologies
• Familiarization with ATO processes
• Experience working in Xacta, Greenlight/Roadrunner
• Excellent customer service and organization skills
• Excellent oral and written communication skills
• Must demonstrate proficiency in the following areas: multi-tasking, critical thinking; and the ability to work quickly, efficiently and accurately in a dynamic and fluid environment
• Ability to work both independently and as a member of a team
• BA/BS Degree
Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran’s status, ancestry, sexual orientation, gender identity, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal EEO laws and supplemental language at EEO including Disability/Protected Veterans (https://www.dol.gov/agencies/ofccp/posters) and Labor Laws Posters (https://protect-us.mimecast.com/s/MI5TC2kqOqsOBPMVfnZ32U) .
The role will work within a team that conducts A&A activities. This individual will develop System Security Plans (SSP), Contingency Plans, Business Impact Analyses (BIA), Plan of Action and Milestones (POA&Ms), Security Assessment Report (SARs), Security Assessment Plan (SAPs), and other documentation.
This position covers all cybersecurity aspects including, but not limited to, identifying risks, validating the mitigation of plans of action, analyzing system designs, and assisting with A&A issues that may prevent a system from receiving authorization. It supports the implementation of RMF by developing documentation and updating policies, procedures, and processes as assigned.
Assesses and mitigates system security threats/risks throughout the program life cycle. Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations. Creates and reviews A&A Body of Evidence documentation, providing feedback on completeness and compliance of its content. Develops and executes Security Test Plan (STP) in close cooperation with team members.
Responsibilities and Duties:
• Identify key stakeholders in A&A efforts and ensure system documentation reflects current system security configurations to include hardware and software components, data flow, interconnections, and ports, protocols, and services, etc.
• Identify potential risks associated with system configurations and advise on mitigation strategies
• Participate in A&A status meetings and facilitate moving systems toward a successful A&A effort
• Assist to estimate Level of Effort (LOE) involved in performing A&A activities
• Assist customer program offices in interpreting and applying mitigation strategies
• Conduct thorough reviews of all vulnerabilities, architecture, and defense in depth strategies and report findings in POA&Ms document
• Document residual risks and provide the cybersecurity risk analysis and mitigation determination results
• Maintain cybersecurity policy and processes as assigned
• Able to analyze, interpret, and apply Federal cybersecurity guidance to customer needs
• Communicate the security posture of systems through designated reporting mechanism
• Collaborate with other team members in cybersecurity
Required Skills:
US Citizenship Required
Must have the ability to obtain a Public Trust Clearance prior to starting work
• 5+ years of experience in the following areas: Cybersecurity policy, procedures, and processes, including RMF and NIST 800-53 and A&A's
• Experience developing A&A documentation from scratch and performing assessments; RMF step 1 through 4
• Familiar with NIST publications, specifically RMF and NIST controls
• One or more of the following certifications preferred (Security+, CAP, CISSP, CISM, GSEC, GCIH, or GSLC)
• Familiar with dealing with defense-in-depth, and other information security and assurance principles and associated supporting technologies
• Familiarization with ATO processes
• Experience working in Xacta, Greenlight/Roadrunner
• Excellent customer service and organization skills
• Excellent oral and written communication skills
• Must demonstrate proficiency in the following areas: multi-tasking, critical thinking; and the ability to work quickly, efficiently and accurately in a dynamic and fluid environment
• Ability to work both independently and as a member of a team
• BA/BS Degree
Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran’s status, ancestry, sexual orientation, gender identity, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal EEO laws and supplemental language at EEO including Disability/Protected Veterans (https://www.dol.gov/agencies/ofccp/posters) and Labor Laws Posters (https://protect-us.mimecast.com/s/MI5TC2kqOqsOBPMVfnZ32U) .