Consultant - CYBERSECURITY ANALYST, MID

We are seeking a Cybersecurity Analyst to support the Product Manager Biometrics (PdM Biometrics) mission. The Cybersecurity Analyst will be responsible for safeguarding the integrity of our systems and information, ensuring compliance with cybersecurity policies and frameworks, and maintaining secure IT environments. This role involves implementing and monitoring cybersecurity measures, conducting risk assessments, ensuring timely compliance with regulations, and supporting incident response activities. The Cybersecurity Analyst will work within a collaborative environment to assess, test, and reinforce the security posture of our systems and applications, supporting the broader mission of the organization. Duties/Responsibilities: Provide cybersecurity expertise to ensure the appropriate level of confidentiality, integrity, authentication, non-repudiation, and availability based on the importance of information and assets, documented threats, vulnerabilities, and the trustworthiness of users and interconnecting systems. Assess the potential impact of impairment or destruction to DoD information systems and recommend strategies to address risks effectively and cost-efficiently. Perform activities supporting Risk Management Framework (RMF) in accordance with DoDI 8500.02, DoDI 8510.01, NIST 800-37, ICD 503, and AR 25–1 and 25–2. Appoint an Information Systems Security Officer (ISSO) to achieve and maintain Authorizations to Operate (ATO) for system environments. Ensure compliance with Defensive Overwatch or assigned Cloud Cybersecurity Service Provider (CSSP) requirements and review relevant reports to ensure timely updates and closures. Implement and comply with cybersecurity mandates, including INFOCONs, OPORDs, EXORDs, IAVAs, and tech-tips, adhering to AR 25–2 and NETCOM TTPs. Validate cybersecurity configurations using DISA Security Technical Implementation Guides (STIGs), SRGs, and the Evaluate STIG tool. Assessment and Authorization (A&A):

Prepare and maintain A&A documentation, including RMF artifacts, in compliance with PEO IEW&S directions and applicable DoD and Army policies. Maintain eMASS packages, documenting implemented security controls, self-assessment findings, and continuous monitoring activities. Develop and manage Plan of Action and Milestones (POA&M) for findings or weaknesses, ensuring timely resolution and resource prioritization.

Configuration Control:

Ensure information systems' configuration aligns with security posture and maintain compliance with configuration management plans. Develop, maintain, and distribute system-related plans, instructions, and SOPs.

Inspections and Testing:

Conduct cybersecurity inspections, including Security Control Assessments, CCRIs, CVPAs, A&As, and software assurance tests, ensuring adherence to program office objectives. Provide technical support for vulnerability scans, penetration testing, and NIST 800-53 security control analysis.

Support vulnerability mitigation and incident response activities, reporting from identification to closure. Provide cybersecurity status reports, including compliance posture, patch deployment, and outstanding vulnerabilities. Training and Certification:

Track and ensure compliance with mandated cybersecurity training and certification requirements (DoD 8140.01, 8570.01-M, AR 25-1, AR 25-2). Manage user agreements and certification requirements in the Army Training and Certification Tracking System (ATCTS).

Acquisition Documentation:

Contribute cyber input to DoDI 5000.02 acquisition documentation, including Clinger Cohen Act compliance and Cybersecurity Strategies.

Required Skills: Bachelor’s Degree in a technical or scientific field (e.g., software/computer engineering, computer science) DoD 8570.01-Manual (M) Baseline Certification for an Information Assurance Manager (IAM) Level III Strongly Preferred Experience: Previous experience in a cybersecurity role within DoD or Army environments. Experience working with Risk Management Framework (RMF) and continuous monitoring processes. Hands-on experience with Assured Compliance Assessment Solution (ACAS), Enterprise Mission Assurance Support Service (eMASS), Host Based Security System (HBSS), Windows Server Update Services (WSUS), Cloud Security Infrastructure products and tools, and Intrusion Detection/Prevention Systems (IDS/IPS). Previous involvement in preparing and maintaining A&A documentation, including using eMASS and STIGs. Experience conducting security inspections and vulnerability testing, including penetration testing and security control assessments. Nice to Have Skills: Experience with cloud security frameworks and tools (e.g., AWS, Azure). Knowledge of DoD 5000.02 acquisition documentation and Cybersecurity Strategies. Experience with incident response tools and processes. Knowledge of emerging cybersecurity threats and technologies. Education and Experience: Bachelor’s Degree in a technical or scientific field (e.g., software/computer engineering, computer science) Five (5) years of relevant experience in cybersecurity. Clearance Requirement: Secret

#J-18808-Ljbffr