Sr. Cyber Security Analyst
Osi Vision is seeking a Sr. Cyber Security Analyst to perform system, network and application Assessment and Authorization (A&A)-related tasks including Risk Management Framework (RMF) package development, Cybersecurity (Information Assurance) controls analysis, risk assessment, contingency planning, Security Test and Evaluation (ST&E), risk mitigation analysis, and technology reviews/assessments.
Job Role & Responsibilities
- Review information system (IS) architectures, operating mode, applications, data types, system boundaries, connections and other relevant information that will allow a full risk assessment
- Assist or conduct at any time a CG system SBU or Classified systems authorization if the accreditation is revoked by /AO, system security posture changes, or by normal expiration of the Authority to Operate (ATO)
- Determine the security requirements and provide a Requirements Traceability Matrix (RTM) to the Contracting Officer Representative (COR).
- Comply with the defined Security Authorization Process (SAP), consisting of:
  - Generate an information system initial risk assessment report;
  - Develop the security plan (SP);
  - Support the security control assessment plan, independent verification and validation, and independent audits.
- Obtain, retrieve, compile, and draft documentation for inclusion to the SP.
- Ensure that all drafts go through Quality Assurance Review prior to delivery.
- Verify the accuracy of the SP, system architectural diagrams, and identity of the systems being accredited as SBU or Classified.
- Perform and conduct independent Test and Evaluation to ensure that the system’s confidentiality, integrity, and availability are maintained at the standards that are in accordance with the Federal Information Processing Standards (FIPS) 199, FIPS 200 and CNSSI 1253.
- Perform System Architectural Analysis, to include reviewing network connections and interfaces, reviewing system application specifications and requirements (specifically those relevant to system security), and reviewing other pertinent system development life cycle documentation.
- Determine if Personally Identifiable Information is stored, processed, or transmitted within the general support system. If applicable, the candidate will conduct the USCG’s Privacy Threshold Analysis.
- Assist in the ongoing improvement of CG-9335 Cybersecurity (Information Assurance) procedures for information system security in the classified and unclassified areas.
- Support DoD/DHS/USCG inspections and audits that take place on various CG-9335 supported systems.
- Assemble packages at the direction of the ISSM and ISSOs and provide copies of the package as needed.
- Monitor approved FISMA dashboard to ensure that all security criteria and regulatory requirements are maintained, and that changes that affect the SAP documentation are noted.
- Provide support during Cyber Security Inspection (CSI) and Cyber Command Readiness Inspection (CCRI)
Required Education & Experience
- Bachelor of Arts / Bachelor of Science degree from an accredited university.
- Must hold appropriate current DoD baseline Cybersecurity certifications in accordance with DoD 8570.01-M (IAM Level III)
- A minimum of seven (7) years of demonstrated experience supporting a major system acquisition program’s Security Authorization process.
- US Government or military experience
- Knowledge of performing system, network and application A&A-related tasks including RMF package development, IA/security controls analysis, risk assessment, contingency planning, Security Test and Evaluation (ST&E), risk mitigation analysis, and technology reviews/assessments.
- Experience managing complex projects or programs to include preparation of reports and correspondence that are technically correct; coordination and scheduling of multiple people, tasks and functions; managing funding of requirements; and providing support relative to Assessment and Authorization processes and DOD/DHS Cybersecurity (Information Assurance) directives.
- Experience with Platform Information Technology (PIT) /Industrial Control System (ICS) analysis.
- Familiar with DoD/DHS Cybersecurity directives, policy, instructions and orders
- Proficiency with Microsoft Office applications (MS Word, Excel, PowerPoint, etc.)
- Experience with Acquisition Life Cycle Framework
- Office computer and MS Office
Security Clearance Requirements
- Active Secret security clearance
- US citizenship