What does a typical day look like for the Staff Computer System Security Analyst?

  • Design and implement safety measures and controls. Monitor network activity to identify vulnerable points. Address privacy breaches and malware threats.
  • Support the Assessment and Authorization (A&A) processes and Information Assurance documentation for multiple analytic and mission systems across all CLINs
  • Generate and maintain the complete security Body of Evidence (BoE) while leading the A&A activities according to the Risk Management Framework (RMF) processes (ICD 503, CNSSI-1253, NIST 800-37, NIST 800-53, etc.) for all multiple information systems
  • Analyze existing security systems and make recommendations for changes or improvements
  • Prepare reports and action plans in the event that a security breech does occur
  • Monitor the network and provide early warning of abnormalities or problems\
  • Communicate the system status and keep users informed of downtime or changes to the system
  • Provide system updates and write code fixes
  • Experience working with software developers and architects to understand security requirements
  • Experience guiding the application developers on security policy, identifying security requirements, providing technical guidance for the satisfaction of requirements
  • Experience creating and managing the plan of action and milestones (POA&Ms), and working with project managers and engineers to develop schedules and engineering actions that mitigate open findings
  • Experience supporting the Continuous Monitoring of operational systems; experience monitoring and auditing operational systems for proper use

What qualifications do you look for?

  • TS/SCI with CI Polygraph
  • A BA degree
  • 10+ years supporting Assessment and Authorization (A&A) and information assurance processes and documentation using RMF
  • Experience with current security risks and protocols
  • Willingness to work on-call in the event of a security breech or other emergency
  • Excellent analytic and problem-solving skills
  • DoD Approved 8570 Baseline Certifications (eg, Security+) certifications
  • RMF, Xacta experience
  • Experience working with AWS/Google cloud-hosted information systems or applications

We’re extra impressed by:

  • Experience working with Redhat or CentOS Linux operating systems
  • Experience working in a DevSecOps environment and tool chain