Sr. Cyber Security Analyst
Osi Vision is seeking a Sr. Cyber Security Analyst to perform system, network and application Assessment and Authorization (A&A)-related tasks including Risk Management Framework (RMF) package development, Cybersecurity (Information Assurance) controls analysis, risk assessment, contingency planning, Security Test and Evaluation (ST&E), risk mitigation analysis, and technology. reviews/assessments.
• Review information system (IS) architectures, operating mode, applications, data types, system boundaries, connections and other relevant information that will allow a full risk assessment
• Assist or conduct at any time a CG system SBU or Classified systems authorization if the accreditation is revoked by /AO, system security posture changes, or by normal expiration of the Authority to Operate (ATO)
• Determine the security requirements and provide a Requirements Traceability Matrix (RTM) to the Contracting Officer Representative (COR).
• Comply with the defined Security Authorization Process (SAP) process consisting of:
• Generate an information system initial risk assessment report;
• Develop the security plan (SP);
• Support the security control assessment plan, independent verification and validation, independent audits.
• Obtain, retrieve, compile, and draft documentation for inclusion to the SP.
• Ensure that all drafts go thru Quality Assurance Review prior to delivery.
• Verify the accuracy of the SP, system architectural diagrams, and identity of the systems being accredited as SBU or Classified.
• Perform and conduct independent Test and Evaluation to ensure that the system’s confidentiality, integrity, and availability are maintained at the standards that are in accordance with the Federal Information Processing Standards (FIPS) 199, FIPS 200 and CNSSI 1253.
• Perform System Architectural Analysis to include reviewing of network connections and interfaces, review system application specification and requirements, specifically those relevant to system security, and review other pertinent system development life cycle documentation.
• Determine if Personal Identifiable Information is stored, processed, or transmitted within the general support system. If applicable, the candidate will conduct the USCG’s Privacy Threshold Analysis
• Assist in the ongoing improvement of CG-9335 Cybersecurity (Information As
Knowledge and Skill Requirements:
• At least seven (7) years demonstrated experience supporting a major system acquisition program’s Security Authorization process.
• US Government or military experience
• Must have an Active DoD Secret clearance
• Bachelors degree from an accredited university.
• Knowledge of performing system, network and application A&A-related tasks including RMF package development, IA/security controls analysis, risk assessment, contingency planning, Security Test and Evaluation (ST&E), risk mitigation analysis, and technology reviews/assessments.
• Experience with Platform Information Technology (PIT) /Industrial Control System (ICS) analysis.
• Familiar with DoD/DHS Cybersecurity directives, policy, instructions and orders
• Must hold appropriate current DoD baseline Cybersecurity certifications in accordance with DoD 8570.01-M IAM Level III, I.e. CISM CISSP, GSLC
• Proficiency with Microsoft Office applications (MS Word, Excel, Powerpoint, etc…)