M+E Technology Job Board
Cybersecurity Analyst
GRIMM
Grimm is seeking an experienced Cybersecurity Analyst with DoD certification and accreditation (C&A) and hands-on IA/Cyber Security operational experience. The successful candidate will provide the Information Assurance (IA) analysis and Assessment and Authorization (A&A) expertise required to support the execution of all steps necessary for obtaining RMF accreditations and maintaining complete C&A related packages for client systems.
The candidate will review security requirements, products, configurations, and IA architectures to ensure the security architecture and associated accreditation documentation meets Agency and DoD IA controls and standards. The candidate will provide advice and recommendations on IA and A&A matters along with programmatic support in dynamic and challenging environments, including participating in collaboration team meetings, coaching program managers and IA/Cyber Security practitioners through certification and compliance processes, and track critical IA/RMF processes and elements.
The candidate will draft required RMF documents and artifacts in support of accreditation actions and perform A&A validation. The candidate will maintain the accurate, steady, and consistent flow of information in response to client direction through established processes. The candidate will be experienced and successful at solving complex cyber security issues, enjoy working in a dynamic, responsive, and collaborative environment dedicated to the success of our customers against advanced, persistent threats.
years of experience in A&A and information assurance including current experience, and detailed knowledge of the DoD Information Assurance processes including Risk Management Framework (RMF).
Knowledge of network architecture and understanding the relation to IA controls is required. Candidate experience in the Assessment and Authorization (A&A) processes specifically leveraging RMF. eMASS and NIST Risk Management Framework is required. Must possess the ability to identify unique system security characteristics, interview key organizational personnel, compose requisite documentation, and mapping complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices. Must have the ability to communicate with and distill information from technical resources during formal and informal meetings.
Duties/Required knowledge
Provide project support/interaction between the client’s Cyber Security environment and other groups/agencies environments
Support C&A/A&A type activities for multiple projects/programs
Process refinement to align, streamline, and automate test and certification activities supporting internal and external projects SDLC processes
Strong background and experience supporting Risk Management Framework (RMF) and associated activities
Support installation and certification/vulnerability/penetration testing of infrastructure servers/tools, COTS/GOTS products and custom applications in a virtual environment
Senior-level experience designing, conducting, and documenting certification and vulnerability tests and activities.
Background supporting structured environments (e.g., CMMI and/or ISO compliant)
Extensive C&A/A&A experience in a COTS intensive system environment
Solid understanding of Controls Validation and implementation
Experience with Sharepoint or similar suite of collaboration and development tools
Experience with Agile methodologies for development and test
Experience with eMASS / MCCAST A&A systems is required.
Daily Duties
Manage and Employ ACAS
Configure scans
Initiate scans
Review results
Create custom reports
Update ACAS software and signatures
Create and Maintain Documentation
POAM Generation
POAM review
Report results aggregation
Determine applicability through research and coordination
IAVM Review
Determine applicability through research and coordination
Update documentation
Track status via defined methods
Manage and Employ SCAP/SCC
Configure scans
Initiate scans
Review results
Update SCAP definitions
Checklist/STIG review
Checklist generation and
Determine availability of new STIGs
Update checklists to new STIG versions
Required Skills
Required Certification: DoD 8570 IAT Level II certified – requires Security + in addition to a computing environment (CE) certification (i.e. LFCS, MCSA, CCNA, etc.)
Experience with specific COTS products or types of COTS/GOTS products, such as the following is highly desired:
▪ eMASS / MCCAST
▪ HP/Fortify Security Center
▪ ACAS/Nessus
▪ AppScan
▪ CoreInsight
▪ Remedy
Clearance Requirements
TS/SCI preferred / Secret (minimum)
Experience Requirements
Mid = 5-8 years experience
Senior = 8 – 12 years experience
GRIMM
Grimm is seeking an experienced Cybersecurity Analyst with DoD certification and accreditation (C&A) and hands-on IA/Cyber Security operational experience. The successful candidate will provide the Information Assurance (IA) analysis and Assessment and Authorization (A&A) expertise required to support the execution of all steps necessary for obtaining RMF accreditations and maintaining complete C&A related packages for client systems.
The candidate will review security requirements, products, configurations, and IA architectures to ensure the security architecture and associated accreditation documentation meets Agency and DoD IA controls and standards. The candidate will provide advice and recommendations on IA and A&A matters along with programmatic support in dynamic and challenging environments, including participating in collaboration team meetings, coaching program managers and IA/Cyber Security practitioners through certification and compliance processes, and track critical IA/RMF processes and elements.
The candidate will draft required RMF documents and artifacts in support of accreditation actions and perform A&A validation. The candidate will maintain the accurate, steady, and consistent flow of information in response to client direction through established processes. The candidate will be experienced and successful at solving complex cyber security issues, enjoy working in a dynamic, responsive, and collaborative environment dedicated to the success of our customers against advanced, persistent threats.
years of experience in A&A and information assurance including current experience, and detailed knowledge of the DoD Information Assurance processes including Risk Management Framework (RMF).
Knowledge of network architecture and understanding the relation to IA controls is required. Candidate experience in the Assessment and Authorization (A&A) processes specifically leveraging RMF. eMASS and NIST Risk Management Framework is required. Must possess the ability to identify unique system security characteristics, interview key organizational personnel, compose requisite documentation, and mapping complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices. Must have the ability to communicate with and distill information from technical resources during formal and informal meetings.
Duties/Required knowledge
Provide project support/interaction between the client’s Cyber Security environment and other groups/agencies environments
Support C&A/A&A type activities for multiple projects/programs
Process refinement to align, streamline, and automate test and certification activities supporting internal and external projects SDLC processes
Strong background and experience supporting Risk Management Framework (RMF) and associated activities
Support installation and certification/vulnerability/penetration testing of infrastructure servers/tools, COTS/GOTS products and custom applications in a virtual environment
Senior-level experience designing, conducting, and documenting certification and vulnerability tests and activities.
Background supporting structured environments (e.g., CMMI and/or ISO compliant)
Extensive C&A/A&A experience in a COTS intensive system environment
Solid understanding of Controls Validation and implementation
Experience with Sharepoint or similar suite of collaboration and development tools
Experience with Agile methodologies for development and test
Experience with eMASS / MCCAST A&A systems is required.
Daily Duties
Manage and Employ ACAS
Configure scans
Initiate scans
Review results
Create custom reports
Update ACAS software and signatures
Create and Maintain Documentation
POAM Generation
POAM review
Report results aggregation
Determine applicability through research and coordination
IAVM Review
Determine applicability through research and coordination
Update documentation
Track status via defined methods
Manage and Employ SCAP/SCC
Configure scans
Initiate scans
Review results
Update SCAP definitions
Checklist/STIG review
Checklist generation and
Determine availability of new STIGs
Update checklists to new STIG versions
Required Skills
Required Certification: DoD 8570 IAT Level II certified – requires Security + in addition to a computing environment (CE) certification (i.e. LFCS, MCSA, CCNA, etc.)
Experience with specific COTS products or types of COTS/GOTS products, such as the following is highly desired:
▪ eMASS / MCCAST
▪ HP/Fortify Security Center
▪ ACAS/Nessus
▪ AppScan
▪ CoreInsight
▪ Remedy
Clearance Requirements
TS/SCI preferred / Secret (minimum)
Experience Requirements
Mid = 5-8 years experience
Senior = 8 – 12 years experience