Information Systems Security Analyst

 @Orchard is supporting a growing Federal contract with proven capabilities in cyber security. We are seeking a skilled Information Systems Security Analyst to be proposed for a new project supporting the Navy. This role will be based out of Dahlgren, VA and will be responsible for overseeing and managing information security program implementation within organization and other areas of responsibility. If selected, you will be asked to sign a letter of intent to join the team upon program award.

As the Information Systems Security Analyst you will: 

• Manages strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and/or other resources.
• Acquire and manage necessary resources, including leadership support, financial resources, and key security personnel, to support IT security goals, and reduce overall organizational risk.
• Advise and assist ISSM/ISSO in A&A process for command.
• Evaluate and support documentation, validation, and accreditation processes necessary to ensure that new IT systems meet NIST Special Publications Risk Management Framework (RMF) Cybersecurity requirements.
• Develop, review, and obtain Government approval of plans to assess security controls to include creating Security Assessment plan (SAP).
• Develop SAP and Rules of Engagement (ROE) for Government approval, outlining assessment scope, methodology, and resources.
• Conduct security control assessment, including activities such as Security Categorization Review, System Security Plan Analysis, and other assessments as defined in SAP; deliver comprehensive Security Assessment Report (SAR), documenting findings, vulnerabilities, and recommendations for remediation; include Vulnerability Assessment Report and Executive Briefing in report.
• Implement initial remediation actions based on SAR recommendations; deliver Issue Resolution Report and Remediation Status Report within timeline.
• Review, revise, develop, update, and maintain all RMF required artifacts associated with command's A&A program.
• Provide direct support for accreditation of systems/networks utilizing RMF process.
• Identify and recommend corrections for security deficiencies discovered during security and certification testing and continuous monitoring or identify risk acceptance for authorized representatives.
• Develop Plan of Actions (POAs) addressing outstanding security weaknesses identified in SAR, outlining remediation tasks and timelines; compile comprehensive Security Authorization Package, including SAR, POA, System Security Plan, and other relevant documents for Navy Authorizing Official review.
• Conduct comprehensive risk assessment, determining potential risks to organizational operations, assets, individuals, and organizations.
• Include Residual Risk Statement documenting remaining risks i; provide recommendation to NAO on residual risk acceptability, supported by Risk Acceptance Recommendation Report and briefing.
• Perform additional actions required to support electronic classroom deployment.
• Conduct Functional Area Needs Analyses and provide recommendations on Cybersecurity architecture, requirements, objectives, and policies.
• Provide research and analysis of new and emerging technologies in hardware, software, and applications and applicability to mission.
• Assess impacts of system modifications and technological advances; consult staff to gather and evaluate functional requirements, translate into technical solutions.
• Provide guidance on applicability of information systems to meet business needs.
• Guide, gather, and evaluate functional and security requirements.
• Translate requirements into guidance on applicability of information systems.
• Develop and document requirements, capabilities, and constraints for design procedures/processes; translate functional requirements into technical solutions.
• Integrate and align information security and IA policies to ensure system analyses meet security requirements.
• Specify power supply and heating, ventilation, and air conditioning (HVAC) requirements and configurations based on system performance expectations and design specifications.

Qualifications: 

• Four (4) years of experience in Cybersecurity.
• Bachelor’s Degree or CNSSI 4012 certificate or ADQ GA7 desired but not required. May substitute successful completion of at least one of the following military training courses for desired education: NEC 2779 or 3372 or CIN W-3B-1500 or A-4C-1340
• Requires a CompTIA Security+, Certified Authorization Professional (CAP), CompTIA Advanced Security Practitioner (CASP), or Project Management Professional (PMP) certification.
• Requires IAT Level II certification.
• Must maintain a Secret clearance / T3 investigation and be a U.S. citizen.