ECS Limited
Information Security Analyst
ECS Limited, Seaside, California, United States, 93955
ECS is seeking an Information Security Analyst to work in our SEASIDE, CA office.
Serve as a Risk Management Specialist Analyst for the Risk Management Branch and other functional groups.
Provide Risk Management Framework (RMF) support to assigned DMDC/DHRA Information Systems, ensuring that System/Product Owners maintain an appropriate operational cybersecurity posture.
Support Continuous Monitoring and Event-driven monitoring for the Boundary/System Owner in all activities conducted to ensure controls remain effective over time, by monitoring control(s) assurance for the given systems' Common and Inherited Controls and Reciprocity.

STIGS:
Utilize the assigned tool, such as eMASSTER, to generate STIG results and assigned actions for remediation for the Risk Management Branch and other functional groups. Other STIG tools may be applicable.

POA&M
Develop and track compliance for new and existing POA&Ms for all ATOs.
Review POA&M status at the prescribed frequency, and engage staff members across the enterprise to ensure POA&M dates are achieved on time and are documented in eMASS.
Provide support for the ServiceNow ticket queues for the cybersecurity Risk Management Branch.

Documentation Compliance and Management
Provide security documentation management by ensuring document currency and compliance status with NIST controls and CCIs.
Support documentation maintenance for all required artifacts in eMASS.
Support the development of policies and procedures.
As needed, conduct research and present findings to leadership, ISSOs, ISSMs, etc.
Provide support, under ISSO and/or senior leadership guidance, that appropriate security controls and measures are in place to safeguard DHRA/DMDC systems, applications, networks, and data.
Provide support to the Risk Management team across a spectrum of services.
Support the review of the system as required, to identify and eliminate unnecessary functions, ports, protocols, and/or services.
Assist the boundary owner(s) in the creation and/or update of a compliant System Security Plan (SSP), as well as managing and controlling changes to the system and assessing the security impact of those changes.
Provide support for the creation of presentations and/or metrics as requested.
Create weekly and monthly reports, as needed.

Salary Range: $140,000
General Description of Benefits
Must be a US citizen per contract, possess a Secret Clearance, and be willing to acquire and maintain a DoD Top Secret clearance if requested.
Bachelor's degree in computer science, cybersecurity, information security, or similar discipline OR 5 plus years of cybersecurity experience in support of the DoD or other federal clients. Education substitution allowed.
Active DoD 8570 certification minimum compliance, including at least one of the following certifications in good standing: CASP+ CE, CISSP. Willing to accept CompTIA Security+, and be willing to acquire and maintain a CASP+ or CISSP.
Understanding of the NIST Special Publications, DoD Risk Management Framework (RMF) processes and NIST 800-53 security controls.
eMASS experience.
Experience with reviewing vulnerability scans and suggesting mitigation techniques.
Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders.
Capacity to thrive in a complex, fast-paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions.
Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk.