Cyber Security Analyst - Orlando, United States - Council For Logistics Research Inc

Description

The Cybersecurity Analyst will monitor vendor progress and assist with the creation and employment of methodologies, templates, guidelines, checklists, procedures, and other documents to establish repeatable processes across the information technology security services.

The analyst will aid with establishing mechanisms to promote awareness and adoption of security best practices and perform routine IT administration duties as assigned by the Information Systems Security Manager.

• Support the efforts to coordinate the Certification and Accreditation (C&A) of systems in accordance with the Risk Management Framework (RMF) outlined by the National Institute of Standards and Technology (NIST), DoD Instruction
• Support the efforts to coordinate and ensure Assess and Authorization (A&A) of systems are IAW DoD Cybersecurity (CS) A&A RMF process and/or Intelligence Community Directives (ICD) 503/Director of Central Intelligence Directive (DCID) 6/3 guidance, DoDI , DoDI and AR 252. This includes supporting development, coordination, and support of initial A&A, FISMA and reauthorization requirements.
• Support the preparation and generate required security A&A documentation and coordination with the Authorizing Official (AO) to obtain successful system accreditation. Security documentation includes, but is not limited to, artifacts required by RMF and NIST controls such as the Security Plan (SP), Continuity of Operations Plan (COOP), Configuration Management Plan (CMP) and a Plan of Action and Milestones (POA&M).
• Provide Information Assurance Vulnerability Management (IAVM) support to include assisting with dissemination, installation, Information Assurance Vulnerability Alerts (IAVA) reporting, and compliance procedures for IAVM.
• Provide configuration management support of IS software and hardware, maintain software licenses and ensure security related documentation is current and accessible to properly authorized individuals.
• Ensure log files and audits are maintained and reviewed for all systems and that authentication (e.g., password) policies are audited for compliance.
• Review and evaluate the security effects of changes to systems and networks, including interfaces with other ISs, and document changes.
• Ensure the cybersecurity posture and accreditation boundaries are not impacted during IS support and maintenance.
• Ensure no relevant security changes have been made to invalidate any previously authorized accreditation.
• Conduct periodic selfassessments, document validation results, and generate POA&M in support of the Control Approval Chain and Package Approval Chain activities in the US Army Enterprise Mission Assurance Support Service (eMASS) online database.
• Provide validation recommendations in support of formulating Interim Authorities to Test (IATT) and Authorities to Operate (ATO) A&A decisions.

• 35 years' experience with demonstrated success and increasing responsibilities.
• B.S. in Computer & Information Science with a Major in Cyber and Information Security Technology or related field.
• CompTIA Security+
• CompTIA Cloud+
• CompTIA Advanced Security Practitioner (CASP+)
• ISC2 Certified Cloud Security Professional (CCSP)
• ISACA Certified Information Security Manager (CISM)
• ISC2 Systems Security Certified Practitioner (SSCP)
• Knowledge of Microsoft (MS) Windows Server (2012 and above), Windows 10 Desktop Operating System software, MS Windows Active Directory with server administration (including Group Policy), MS SharePoint, MS O365, Amazon Web Services (AWS) FedRAMP GovCloud, Cisco VoIP phones, SAN storage systems (NetApp or similar), Cisco switches and integrated wireless technologies.
• Experience with Defense Health Agency (DHA) Cloud Computing environments is preferred.
• CLR and its subcontractors shall abide by the requirements of 41CFR a), a) and a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on their race, color, religion, sex, national origin, sexual orientation, and gender identity. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, gender identity and sexual orientation, protected veteran status or disability._