Sr. Cyber Security Analyst

2018-07-07
CSRA (www.csra.com)
Other

Full-time employee


Washington
District of Columbia
United States

CSRA is looking for a Senior Cyber Security Analyst to support our federal client, the Federal Energy Regulatory Commission (FERC), located in Washington, DC. The Senior Cyber Security Analyst provides leadership to a Cyber-Security program, implementing a Risk Management framework approach to managing agency risks. Matures the agency's Cyber program to a Continuous Monitoring program approach. Develops accreditation packages, documents risks and recommendations, and develops Security memorandums. Reviews test results and provides independent Q&A and validation of results. Manages risks by providing formal and information risk assessments and facilitates POA&M management.

The Senior Cyber Security Analyst develops Cyber Security programs, processes, policies, and procedures. Fosters Cyber Security awareness. Conducts Cyber incident and event analysis and investigation. Assesses network vulnerabilities. Ensures necessary data protection and Security controls.

Responsibilities:

The Senior Cyber Security Analyst will actively participate in conducting Security assessments of systems to identify vulnerabilities, providing recommendations for their remediation, and assisting system owners in implementing effective safeguards. The analyst also validates that controls are risk rated and that risk statements are clearly stated and capture the specific business impact to the judiciary in the event that a deficiency is exploited.

Additional responsibilities may include but are not limited to:

  • Developing Security assessment plans for systems, including the objectives, scope, schedule, required documentation, possible risks, and other logistical items for Security assessments
  • Developing a cloud service provider testing approach
  • Providing validation of Security control tests for cloud service providers
  • Coordinating access to systems and approvals for scanning activities
  • Conducting ad hoc testing on an as-needed basis to assist with development activities or vulnerability remediation
  • Reviewing/testing system Security controls (managerial, operational, and technical) to determine adequacy against federal requirements (e.g., NIST SP 800-53) and mission context.
  • Documenting plans of action and milestones for corrective action following assessment activities and in response to identified vulnerabilities
  • Drafting Security policies and procedures, including the system Security plan and agency-specific policies, in accordance with NIST requirements
  • Routinely conducting risk assessments to quantify impacts of vulnerabilities or decisions to the federal government.

Qualifications:

Education:

6-9+ years; Bachelor's. Desired education: Master's.

Required Experience:

  • BS in Engineering, Computer Science or related Science degree
  • Experience with Risk Management Frameworks
  • Minimum of 3 years' experience related to NIST 800-53a Rev 4 control testing/validation
  • Minimum of 6 years' managing and conducting A&A engagements
  • Minimum of 5 years' experience in information Security fundamental/principles

Nice to Have:

  • Certified Information Systems Security Professional (CISSP)
  • Security+
  • Certified Information Security Manager (CISM)
  • Certified Ethical Hacker (CEH)

 
