Professional Solutions, LLC

Senior CyberSecurity Analyst

US-VA-Alexandria
1 year ago
Secondary Job Title
N/A
Category
Cyber Security

Overview

The Senior Cybersecurity Analyst selected to perform on this contract must be flexible, articulate, educated, competent and able to fulfill a variety of cybersecurity functions, i.e., System Administrator, Enterprise Oversight, certification and accreditation, SAP and SCI certification & accreditation, Information Assurance and Technical Security for AIS, Information Technology (IT) Network Administration & Support, and Information System Security Officer support.

 

The candidate must have the ability to operate effectively under pressure adhering to the ProSol Core Values of Agility: rapid adaptation to the changing requirements and environment of our clients; Excellence: Service quality that exceeds the expectations of our clients; Integrity: Accountability and honesty−always doing the right thing; and Long Term Commitment: Unquestioned loyalty and dedication to our clients, partners and employees.

Responsibilities

  • Ensure system security requirements are addressed during all phases of DARPA program life cycles (concept development, Request for Information (RFI), Request for Proposal (RFP) or BAA, Proposal, Selection, Award, Closeout, Transition, etc.).  
  • Develop and review Automated Information System Accreditation Packages. Develop, review, endorse, and recommend action by the authorizing official (AO), delegated authorizing official (DAO), or designated approval authority (DAA) for system certification documentation.
  • Conduct quality control of system accreditation packages for completeness of accreditation artifacts within 3 duty days of receipt from the technology office security staffs or their cleared defense industry contractors and/or participating government agencies.
  • Process authorization and approval or denial documentation to the respective DAPRA AO/DAO/or DAA within 10 business days of receipt of a complete package.
  • Conduct security control assessments for the evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an AIS.
  • Provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities.
  • Analyze and make recommendations in support of DARPA accredited network Configuration Control Board cases within 10 calendar days of case validation by the respective network’s Information System owner.
  • Monitor activities of DARPA accredited networks and DARPA DAO Accredited  performer networks.
  • Provide advice, assistance, and analysis of threats and vulnerabilities and risk mitigation and acceptance recommendations, as required.  Conduct certification tests that include verification that the features and assurances are functional and support accreditation.
  • Work collaboratively with the MSO/Information Technology Directorate (ITD) in the authorization and approval and continuous monitoring of DARPA unclassified and classified networks; including but not limited to:
    • DARPA Management Security System (DMSS) – Unclassified
    • DARPA Public Network (DPN) - Unclassified
    • DARPA Secret Network (DSN)/Secret Internet Protocol Router Network (SIPRNet) Connection – up to SECRET Collateral
    • DARPA Joint Worldwide Intelligence Communications System (JWICS) Network (DJN)/JWICS Connections – up to TOP SECRET SCI
    • DARPA Secure Wide Area Network (DSWAN) – up to SECRET Collateral
    • Multi-Level Security System (SAVANNAH) – up to TOP SECRET SAP and SCI
  • Review and recommend changes or amplification of policy, procedures, and strategy development.
  • Evaluate Information Assurance (IA) products and provide written recommendations as to their risk and usefulness and/or adoption for the DARPA IA mission.
  • Evaluate information technology (IT) vulnerabilities to assess whether additional safeguards are prudent and ensure certification is accomplished for each information system.
  • Develop and maintain a formal, written Information Systems Security Program SOP.
  • Ensure all Information System Security Officers (ISSO), network administrators, and other Automated Information Security (AIS) personnel, to include DARPA performers performing these functions, receive the necessary and required technical and security training to carry out their duties.
  • Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local AIS security training.
  • Maintain a repository for all system certification/accreditation documentation and modifications.
  • Coordinate AIS security inspections, tests, and reviews.
  • Prepare policies and procedures for responding to security incidents and for investigating and reporting security violations and incidents.
  • Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered.
  • Assess changes in a system, its environment, or operational needs that could affect the accreditation.
  • Ensure configuration management (CM) for security-relevant AIS software, hardware, and firmware is maintained and documented.
  • Perform system audits on multiple systems; work closely with system administrators and ensure current security measures are sufficient and in compliance with approved policies and processes.
  • Perform, and conduct training as required, for the execution of secure file transfers/trusted downloads between local systems to storage devices, this includes secure down writing of data between systems of different security levels.
  • Provide technical advice and assistance, as required, and perform technical oversight on telecommunications requirements for Collateral, SAP, and SCI systems and networks.
  • In coordination with SID Emergency Management, review and provide AIS security relevant input to DARPA Emergency/Disaster plans and procedures.

Qualifications

All cybersecurity positions also require a DoD Approved Baseline Certification as a CISSP IAW DoD 8570.1-M and relevant work experience as specified for an Information Assurance Technical (IAT) Level III or Information Assurance Management (IAM) Level II in DoD Manual 8570.1-M and must be thoroughly familiar with, understand, and be able to apply the standards and requirements contained in the following:

  • DoD Instruction 5220.22 National Industrial Security Program (NISP) Operating Manual, Chapter 8.
  • Defense Security Service Manual for the Certification and Accreditation of Classified Systems under the NISPOM Version 3.2.
  • DoD Directive 5205.16 The DoD Insider Threat Program
  • NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations.
  • DoD Joint Special Access Program Implementation Guide (JSIG).
  • Committee for National Security System Policy (CNSSP) Policy (CNSSP) No. 22 on Information Assurance Risk Management for National Security Systems.
  • CNSSP No. 26 National Policy on Reducing the Risk of Removable Media.
  • Committed for National Security Systems Directive (CNSSD) No. 504 Directive on Protecting National Security Systems From Insider Threat.
  • Committee for National Security System Instruction (CNSSI) No. 1253 Security Categorization and Control Selection for National Security Systems.
  • DoDD 8000.1, Management of DoD Information Resources and Information Technology.
  • DoD Directive 8100.2, Use of Commercial Wireless Devices, Services, and Technologies in the DoD Global Information Grid (GIG).
  • DoDD 8140.01 Cyberspace Workforce Management.
  • DoDI 8500.01 Cybersecurity
  • DoD Instruction 8510.01 Risk Management Framework (RMF) for DoD Information Technology.
  • DoD Directive 8530.1, Computer Network Defense (CND).
  • DoD Instruction 8530.2, Support to CND.
  • DoD Instruction 8551.1, Ports, Protocols, and Services Management (PPSM).
  • DoD Manual 8570.01-M Information Assurance Workforce Improvement Program.
  • DCI/D 6/3, Protecting SCI within Information Systems.
  • Intelligence Community Directive (ICD) 503.
  • Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01B Cyber Incident Handling Program.
  • Defense Federal Acquisition Regulation Supplement (DFARS) Clause 253.204-7012: Safeguarding Unclassified Controlled Technical Information.

Education & Experience Requirements

  • Bachelor’s degree in Computer Science or Information Systems with at least 12 years of specific, demonstrable, and successful experience. (A Master’s degree in Computer Science or Information Systems may substitute for 4 years of relevant experience). 
  • Must be efficient, effective, and ensure continuous support at the highest level and keep pace with the Agency’s dynamic and aggressive mission.

  • Require experience with network security devices, classified Local Area Networks, Wide Area Networks, public key infrastructure (PKI), virtual machines, and end-point security solutions. 

Security Clearance

Top Secret, Top Secret/SCI

Additional Clearance Information

  • All candidates must have an active Top Secret clearance based on an SSBI; NO interim clearances.

  • SCI is required for all positons, candidiates must be able to pass a polygraph and will be issued SCI after contract award. Normally takes 2 to 6 weeks to obtain SCI

Physical Demands

  • Work is primarily performed in an office environment. Typically employees sit comfortably to do their work, interspersed by brief periods of standing, walking, bending, carrying papers and books, and extensive periods requiring the use of computer terminals to accomplish work objectives.

Schedule

  • Monday - Friday
  • Some shift work may be required

Standard Work Hours

  • Core hours of support for the client

Travel Expectations

  • N/A

Travel Schedule

  • N/A

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed