Cybersecurity Analyst - Mid Level

Responsibilities

• Perform cybersecurity tasks for Global Combat Support System- Marine Corps (GCSS-MC) applications, components, sub-components, and environments in support of the GCSS-MC system, cloud migration effort, and audit remediation.
• Provide documentation annually that all personnel have obtained and maintained their DoD 8140 required certification.
• Confirm compliance of all personnel's annual IA awareness training status to the GCSS-MC PMO information systems security manager (ISSM).
• Follow DoD/US Navy/Marine Corps cybersecurity processes and procedures to protect U.S. Government sensitive information.
• Support GCSS-MC cloud migration and audit, update all GCSS-MC cybersecurity documentation in accordance with DOD policy and instruction as required by the ISSM and upload that documentation to a location identified by the ISSM where it is accessible to authorized individuals.
• Use the Government cybersecurity tool, Marine Corps Certification and Accreditation Support Tool (MCCAST), to manage Assessment and Authorization (A&A) documentation and workflow.
• Verify registration of all software used in the LI2S-MC portfolio of systems in the Department of the Navy Application and Database Management System (DADMS).
• Maintain DADMS, DoD Directive Information Technology Portfolio Repository-Department of the Navy (DITPR-DoN), data center inventory site, and other database repositories containing PM LI2S-MC data.
• Verify and validate that security updates and patches are tested and applied to software and operating systems and document all findings in a weekly report.
• Generate software quality code reviews with Government provided automated tool(s).
• Maintain a security Plan of Action and Milestones (POA&M) that lists all vulnerabilities identified by every assessment, and when that assessment identified the vulnerability, in accordance with DoD and USMC Risk Management Framework policies.
• Review, implement, and maintain the role-based access controls (RBAC) in support of the GCSS-MC and sub-components privileged user access.
• Review information assurance vulnerability management (IAVMs), communications tasking orders (CTOs), Marine Corps directives (MCDs), operational directives (OPDIRs), vulnerability alerts, and vendor notifications to determine applicability to GCSS-MC/LCM Family of Systems (FoS) and to assess impact and provide assessment to the ISSM.
• Track, report status, and provide remediation suggestions for the vulnerabilities.
• Support all activities required for maintaining the authority to operate (ATO) and Federal Information Security Management Act (FISMA) compliances including Annual Security Reviews, Annual Security Control testing, Annual Contingency Plan testing, and quarterly update and submission of a quarterly Plan of Action and Milestones (POA&M).
• Generate a cybersecurity detailed test plan (DTP) required when testing for accreditation that identifies specifically how the system should be tested.
• Conduct thorough risk assessment that identifies the security posture of the system.
• Conduct testing (pre/post) scans for the LI2S-MC systems/requirements related to system accreditations.
• Participate in cybersecurity discussions and vulnerability assessment scan reviews and provide technical guidance and solutions implementing cybersecurity best practices aligned with applicable security technical implementation guides (STIGs).
• Generate, review, and update cybersecurity documentation as required by MCSC risk management framework (RMF) processes.
• Support cyber readiness inspection (CRI) and IV&V events as required by the GCSS-MC PMO ISSM including reviewing and updating systems security documentation, performing pre-assessment scans, analyzing vulnerability scan results, analyzing and updating configuration documentation, evaluating STIGs, evaluating test results, preparing and reviewing POA&Ms, and providing remediation options for vulnerabilities.
• Identify all vulnerabilities in the Security POA&M.

Qualifications

• BA/BS degree from an accredited college or university.
• At least six (6) years of professional experience including at least four (4) years of specialized experience on high visible or mission critical projects within DoD.
• Experience with Navy or Marine Corps programs preferred.
• Proven ability to work on high visible or mission critical aspects of a given program and perform all functional duties independently.
• Ability to manage the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific task.
• Intermediate to advanced level skills in Microsoft Office software suite - Word, Excel, Outlook, PowerPoint.
• Ability to communicate effectively with all levels of employees, Government personnel, and other stakeholders.
• Strong interpersonal skills, good judgment, and the ability to lead a team or perform independently.