[Remote] Cyber Security Analyst

Note: The job is a remote job and is open to candidates in USA. Criterion is a company that provides support, services, and solutions to federal government customers. They are seeking a Cyber Security Analyst to protect computer systems and networks from potential threats and vulnerabilities, monitor and analyze security incidents, and conduct risk assessments while supporting cybersecurity compliance initiatives.

Responsibilities

• Review, submit, and track Authority to Operate (ATO) packages
• Evaluate existing mission systems and cybersecurity posture
• Create, review, and recommend Standard Operating Procedures (SOPs) and templates in accordance with applicable regulations, policies, and best business practices
• Review business processes and provide Risk Management Framework (RMF) guidance and documentation support
• Pull, analyze, and report on Host-Based Security System (HBSS) data
• Provide RMF recommendations and assist with preparation, delivery, tracking, and monitoring of RMF artifacts and documentation
• Support security reporting requirements associated with network operations, deployments, DISA STIG compliance, encryption initiatives, and security mandates
• Respond to questions, taskers, and data calls from government stakeholders and partner organizations
• Support authorization and accreditation activities for systems, applications, and infrastructure
• Identify, mitigate, and resolve cybersecurity issues and concerns
• Conduct vulnerability assessments utilizing ACAS, SCC, and other approved tools
• Support Information Assurance Vulnerability Alert (IAVA) compliance and reporting requirements
• Perform remediation, imaging, and threat mitigation activities
• Support Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), vulnerability scanning solutions, anti-virus platforms, HBSS, firewalls, web filtering solutions, and VPN technologies
• Implement and manage RMF processes for information systems and networks
• Ensure Accreditation and Authorization (A&A) documentation remains compliant with applicable regulations and guidance
• Develop and maintain documentation supporting Authority to Operate (ATO), Authority to Connect (ATC), Certificate of Networthiness (CON), and System Security Plan (SSP) requirements
• Conduct RMF validation activities and security control assessments
• Verify implementation of cybersecurity controls and security requirements
• Implement emerging cybersecurity solutions and best practices
• Provide cybersecurity guidance and support to system owners and stakeholders
• Participate in incident response and spillage handling activities
• Monitor and report IAVM metrics and vulnerability status
• Support cybersecurity education, awareness, and training initiatives
• Conduct security assessments including: Security policy development, Security engineering and architecture design, Operational security management, Network security testing and evaluation, Computer security incident response, Vulnerability analysis, Malicious code analysis, Security risk assessment, Security certification and accreditation, Assess and Authorize (A&A), Risk analysis, Trending analysis, Event and Incident analysis
• Document current security posture, identify vulnerabilities, and provide mitigation recommendations
• Perform other job-related duties as assigned

Skills

• Bachelor's Degree in Computer Science, Information Systems, or a related field
• Minimum three (3) years of IT experience in a mid-to-large enterprise environment
• Strong knowledge of information assurance policies and procedures
• Experience supporting software, system, and enclave authorization and accreditation processes
• Knowledge of systems architecture, security risk analysis, risk mitigation reporting, and vulnerability assessments
• Experience supporting cybersecurity regulatory compliance and program management initiatives
• Extensive experience with: SCCM, Group Policy Management, Active Directory Services, Operating System image management, Patch management, Security update deployment
• Extensive experience conducting ACAS scans, reporting, and remediation
• Knowledge of eMASS and POA&M management
• Skilled in RMF implementation and continuous monitoring
• Experience creating and testing Continuity of Operations Plans (COOP)
• Experience reviewing security logs, SCAP scans, and HBSS reports
• Ability to deploy applications and operating system images through enterprise ticketing systems
• Ability to validate deployed images are free from vulnerabilities before release
• Ability to analyze cybersecurity risks and provide effective mitigation strategies
• Security+ Certification required
• Ability to obtain and maintain a Public Trust
• Must pass pre-employment qualifications

Benefits

• Medical
• Dental
• Vision
• 401(k)
• Other possible benefits as provided

Company Overview