Mid-Level IT Security Analyst - Military veterans preferred

SAIC (www.saic.com)


full-time employee

United States



• Facilitate meetings with contractor, Agency and third-party contractor staff to support A&A-related engagements.
• Track artifact and meeting requests and provide status reports on outstanding items to Agency staff.
• Coordinate with contractor and Agency staff to provide requested artifacts for A&A-related engagements in a timely manner.
• Review artifacts provided by contractor staff to ensure requested information has been properly provided and meets appropriate security/privacy requirements.
• Coordinate vulnerability remediation efforts with contractor and Agency staff in order to remediate findings within specified deadlines.
• Review policies and procedures for compliance with applicable standards and to identify areas of improvement for finding remediation
• Identify key stakeholders in A&A efforts and ensure system documentation reflects current system security configurations to include hardware and software components, data flow, interconnections, and ports, protocols, and services, etc.
• Identify potential risks associated with system configurations and advise on mitigation strategies
• Participate in A&A status meetings and facilitate moving systems toward a successful A&A effort
• Assist customer program offices in interpreting and applying mitigation strategies
• Review documentation to ensure compliance with Federal cybersecurity requirements
• Conduct thorough reviews of all vulnerabilities, architecture, and defense-in-depth strategies and report findings in the POA&M document to the ISSO
• Maintain cybersecurity procedures and processes as assigned
• Able to analyze, interpret, and apply Federal cybersecurity guidance to customer needs
• Communicate the security posture of systems through the designated reporting mechanism


EDUCATION AND EXPERIENCE: Bachelor's degree and five (5) years or more experience; Master's and three (3) years or more experience; PhD and 0 years related experience.

• 5+ years of experience in the following areas: Cybersecurity policy, procedures, and processes, including RMF, NIST 800-53, and A&As
• Experience using Microsoft Office (Word, Excel, Visio, PowerPoint, MS Project) and MS SharePoint
• Experience developing A&A documentation from scratch and performing assessments; RMF steps 1 through 4
• Experience supporting ISSOs or acting as one
• Familiar with NIST publications, specifically RMF and NIST controls
• Familiar with defense-in-depth and other information security and assurance principles and associated supporting technologies
• Excellent customer service and organization skills
• Excellent oral and written communication skills
• Must be able to review artifact and meeting requests and determine correct contractor personnel based on requested information
• Must be highly organized and detail oriented
• Must be able to take initiative and work independently or as a member of a team.
• Must demonstrate proficiency in the following areas: multi-tasking, critical thinking, and the ability to work quickly, efficiently and accurately in a dynamic and fluid environment

Individual must have a current Public Trust clearance or be able to obtain a Public Trust clearance.

Desired Qualifications

• Bachelor's degree in IT, Cyber Security, Computer Science or related field preferred.
• Experience working with security engineering to review Nessus vulnerability / Tripwire compliance scans
• Experience performing on-site cybersecurity assessments using standards such as CIS Benchmarks, DISA STIGs, etc.
• Broad technical experience related to IT operations, networks, OSs, and system administration
• One or more of the following certifications preferred (Security+, CAP, CISSP, CISM, GSEC, GCIH, or GSLC)