Information Security Analyst


Company: ECS

Location: Seaside, CA 93955

Description:

ECS is seeking an Information Security Analyst to work in our SEASIDE, CA office.
  • Serve as a Risk Management Specialist Analyst for the Risk Management Branch and other functional groups.
  • Provide Risk Management Framework (RMF) support to assigned DMDC/DHRA Information Systems, ensuring that System/Product Owners maintain an appropriate operational cybersecurity posture
  • Support Continuous Monitoring and Event-driven monitoring for Boundary/System Owner in all activities conducted to ensure controls remain effective over time, by monitoring control(s) assurance for the given systems' Common and Inherited Controls and Reciprocity
  • STIGS: Utilize the assigned tool, such as eMASSTER to generate STIG results, and assigned actions for remediation for the Risk Management Branch and other functional groups. Other STIG tools may be applicable
  • POA&M
  • Develop and track compliance for new and existing POA&Ms for all ATOs.
  • Review POA&M status at the prescribed frequency, and engage staff members across the enterprise to ensure POA&M dates are achieved on time and are documented in eMASS
  • Provide support for the ServiceNow ticket queues for cybersecurity Risk Management Branch
  • Documentation Compliance and Management
  • Provide security documentation management by ensuring document currency, and compliance status with NIST controls and CCIs
  • Support documentation maintenance for all required artifacts in eMASS.
  • Support the development of policies and procedures
  • As needed, conduct research and present findings to leadership, ISSOs, ISSMs, etc.
  • Provide support, under ISSO and/or senior leadership guidance, to ensure that appropriate security controls and measures are in place to safeguard DHRA/DMDC systems, applications, networks, and data.
  • Provide support to Risk Management team across a spectrum of services.
  • Support the review of the system as required, to identify and eliminate unnecessary functions, ports, protocols, and/or services
  • Assist the boundary owner(s) in the creation and/or update of a compliant System Security Plan (SSP), as well as managing and controlling changes to the system and assessing the security impact of those changes
  • Provide support for the creation of presentations and/or metrics as requested. Create weekly and monthly reports, as needed


  • Salary Range: $140,000

    General Description of Benefits

  • Must be a US citizen per contract, possess a Secret Clearance, and be willing to acquire and maintain a DoD Top Secret clearance if requested.
  • Bachelor's degree in computer science, cybersecurity, information security, or similar discipline OR 5 plus years of cybersecurity experience, in support of the DoD or other federal clients. Education substitution allowed
  • Active DoD 8570 certification minimum compliance, including at least one of the following certifications in good standing: CASP+ CE, CISSP. Willing to accept CompTIA Security+, and be willing to acquire and maintain a CASP+ or CISSP.
  • Understanding of the NIST Special Publications, DoD Risk Management Framework (RMF) processes and NIST 800-53 security controls
  • eMASS experience
  • Experience with reviewing vulnerability scans and suggesting mitigation techniques
  • Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
  • Capacity to thrive in a complex, fast paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
  • Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk