Description

JOB DESCRIPTION

SAIC is looking to hire a Cybersecurity Analyst to work in our San Digeo Ca location. This position supports the Assessment and Authorization (A&A) cybersecurity efforts for NIWC PAC UAVIO project. The Cybersecurity Analyst will serve as a Risk Management Framework (RMF) Subject Matter Expert (SME) by preparing and submitting Assessment and Authorization packages for UAVIO following RMF processes using the web-based Enterprise Mission Assurance Support Service (EMASS). He/she will apply the disciplines of Computer Security necessary to perform Information System Security Audits, Information System Security Assessments, Risk Management Plans, and Security architectures. Personnel must possess experience with Security Technical Implementation Guides (STIGs) and the ability to justify the technical need for applying each setting in eMASS. In addition, the personnel must stay proficient and up to date in all IA training requirements and remain current with all IA related certification as required by NIWC PAC and DOD 8570. Additionally, personnel must provide engineering and technical support for the testing of systems, software, tools and products while identifying operational and functional requirements of system and develop a system security approach, which includes but not limited to defining potential threats, vulnerabilities, safeguards, and risk factors.

ROLES AND RESPONSIBILITIES:

• Support the RMF Accreditation and Authorization (A&A) process to include developing and maintaining POA&Ms and IA artifacts, SSP maintenance, and Risk Assessment Report (RAR) as the system technical Subject Matter Expert (SME).
• Apply the disciplines of Computer Security necessary to perform Information System Security Audits, Information System Security Assessments, Risk Management Plans, and Security architectures.
• Perform periodic auditing and continuous monitoring tasks to maintain security compliance.
• Ensure Department of Defense (DOD) security policies, standards, and procedures are enforced.
• Perform vulnerability scanning and device configuration assessment using Assured Compliance Assessment Solution (ACAS) software and applicable DoD STIGs to facilitate a compliant and secure system.
• Provide applicable STIG configurations and mitigations IAW DoD guidelines
• Conduct low to high file transfers.
• Attend meetings/teleconferences and provide status/update of assigned tasks.
• Maintain knowledge of Risk Management Framework (RMF) process, National Institute of Standards and Technology (NIST) Special Publications, CNSS Instructions, Federal Information Processing Standards (FIPS) publications, Committee on National Security Systems (CNSS) instructions, and any government policies and guidance related to securely protecting platform information technology (PIT) systems.
• Stay proficient and up to date with IA and OPSEC DoD personnel training requirements.
• Possess and maintains CSWF related certification as required by NIWC PAC and DoD 8570.1 directive
• Provide experience of NIST SP 800-53, RMF implementation and provide recommendations in accordance with NIST FIPS 199.
• Monitor software compliance in the DoD Information Technology Portfolio Repository (DITPR) and DoN Application and Database Management System (DADMS).
• Help obtain an Authority to Operate (ATO) in accordance with guidance from the Navy Security Control Assessor (SCA), Navy Authorizing Official (NAO), and DoDI 8510.01 DoD Risk Management Framework (RMF).
• Provide metrics gathering/data analysis compliance with all cyber/A&A policies, audits and inspections.
• Monitor software compliance in the DoD Information Technology Portfolio Repository (DITPR) and DoN Application and Database Management System (DADMS).

Qualifications

TYPICAL EDUCATION AND EXPERIENCE: Bachelors and nine (9) years or of experience, Masters, and seven (7) or more experience, PhD and four years or more of experience

KEY SKILLS, KNOWLEDGE AND ABILITIES:

Experience:

• Five years of demonstrated experience in Risk Management Framework (RMF) to include performing ALL of the following:
• Policy development and enforcement
• eMASS package development
• Assessment and Authorization (A&A) processes
• Information Assurance Vulnerability Management (IAVM) and Computer Task Order (CTO) process and reporting
• Testing and analysis of IA controls and secure configuration using the Assured Compliance Assessment Solution (ACAS)
• Analyzing system configuration per DISA STIG using STIGviewer, SCC, and OpenSCAP
• Demonstrated knowledge of RMF National Institute of Standards & Technology (NIST)
• MS Windows
• RHEL

Certifications:

• DODI 8570-1M Cybersecurity Workforce IAT/IAM Level II or III

Requirements:

• Must be a US Citizen
• Active or interim SECRET Clearance

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.