CALIBRE Systems
Job Description
CALIBRE Systems Inc., an employee-owned Management Consulting and Digital Transformation company, is seeking a mid-level Cybersecurity Analyst with a minimum of 5 to 7 years of Risk Management Framework (RMF) experience to join our dynamic team in Alexandria, VA. The Cyber Security Analyst will provide support to our DoD customer to comply with and support the Department's and Agency's cyber mission. This position is a Hybrid role and will require some onsite work (Ft. Belvoir, VA).
CANDIDATES MUST HAVE AT LEAST AN ACTIVE SECRET SECURITY CLEARANCE
Required Skills
The Cyber Security Analyst's responsibilities include, but are not limited to, the following:
- Advise on a range of cybersecurity-related issues including but not limited to Risk Management Framework (RMF) accreditation, establishing information system boundaries, assessing the severity of weaknesses, risk mitigation approaches, security alerts, and vulnerabilities.
- Achieve and/or renew the system's Authority to Operate (ATO), which includes but is not limited to preparing accreditation packages, continuous monitoring plans, POA&Ms, risk assessment reports and creating a security plan.
- Demonstrate experience with all RMF phases, with particular emphasis on managing the A&A processes.
- Facilitate remediation/mitigation of the POA&Ms within the eMASS system to reduce risk and address weaknesses to the system.
- Demonstrate in-depth experience within eMASS.
- Review hardware/software asset inventory, ensure completion, and advise system owner (SO) and management regarding gaps.
- Demonstrated knowledge of all NIST Risk Management Framework SP 800-series and FISMA compliance.
- Verify that application/system security postures are implemented as stated and that documentation is in compliance with FISMA/NIST guidelines.
- Coordinate across teams to ensure compliance with policies and alignment with the Risk Management Framework (RMF) and Operating Division policies, procedures, and guidance; and manage delivery risks/logical escalation related to delivery requirements.
- Review threat and vulnerability assessment findings to quantify and prioritize vulnerabilities in a system.
- Analyze the effectiveness of the system security safeguards (examining for full compliance against requirements) to ensure they demonstrate the intended level of protection and functionality and advise or inform O-ISSM and leadership on risks to the security posture.
- Review system changes for security implications; conduct security impact assessments when system changes or additions occur to the system, evaluate compliance with IT security requirements, compare them with expected results, and make recommendations to system owners.
- Analyze and support security control assessments by verifying results with the organization's IS/IA requirements and confirm that the level of risk is within acceptable limits.
- Ability to work in a fast-paced, fluid environment.
- Strong verbal and written communication skills.
- Develop/update system security plans, risk assessments, disaster recovery and contingency plans, incident response and additional system development life cycle (SDLC) security documentation for systems and/or applications in alignment with the SDLC.
- Perform technical risk, ACAS/Nessus vulnerability/endpoint malware scanning, and provide eMASS reports for accreditation.
- Conduct vulnerability analysis, review STIG checklists, and apply cyber security remediation.
- Privacy, PII, and PHI cyber expertise (FISMA, HIPAA, Privacy Impact Assessments).
Required Experience
- US Citizenship a Must (Security Clearance is required).
- Active Secret Clearance or above.
- Meet DoD 8570 requirements for an IAT II security role (e.g., ISSO, Security Control Assessors).
- Bachelor's or Master's degree in Computer Science, Information Systems, Engineering, or other relevant discipline; or Professional certification in network engineering; or equivalent work experience.
Preferred Skills:
- Applying RMF in a cloud environment.
- DoDIN, DISA Information Assurance Guidance, and FedRAMP Cloud Computing.