Senior Cybersecurity Analyst

Job Description

Description

SAIC is looking for a Senior Cybersecurity Analyst with a technical background to join our team supporting an important US government agency in the National Capital Region. This is an exciting opportunity to work with a team responsible for IT Security Risk and Compliance by providing direct support to the Information System Security and Privacy Officer (ISSPO). The Senior Cybersecurity Analyst will support the IT Security management with technical review, technical solution proposal, and planning in the areas of security controls, risk assessment, issue analysis, and response development and execution. Specifically, this job requires the following:

·    Conduct detailed analysis of issues that may impact the security of the system and propose solutions for resolving the issue.

·    Conduct detailed security impact analysis for any change that introduces new (type of) hardware or software, requires modification to a security baseline, requires a new connection to an external entity, significantly changes a publicly facing application or DMZ infrastructure.

·    Provide appropriate Security Impact recommendations or information in writing to service/application owners and change coordinators.

·    Conduct risk assessments on security issues impacting the general support system and other department owned systems and propose necessary resolution(s).

·    Develop and maintain IT security controls related to and offered by the agency to the standards set forth in the NIST Special Publication 800-53 as described in Agency Security Policy. Collect information from subject matter experts to develop and validate control implementation statements.

·    Consult with subject matter experts and review approved work instructions in development of IT security controls to ensure they accurately reflect the agency control implementation.

·    Document and communicate any control deficiencies identified during control development for POA&M consideration.

·    Review outputs from POA&Ms to assess completeness and make recommendations for additional work needed or POA&M closure.

·    Support agency IT Governance, Risk and Compliance Activities such as management of standards, approvals, and waivers.

·    Support Continuous Security Monitoring of infrastructure and functional areas accordance with agency- defined parameters, for compliance with agency Security Policy (SP) and all System Security Plans (SSPs).

·    Provide expertise and assistance in the development of security policies and procedures and assist in ensuring compliance with those policies and procedures.

·    Update the agency system security documentation (SSP and other) with approved new, significant changes requiring updates including updating boundary and technical descriptions.

·    Support the PM by providing information for status reports, status briefings, schedules, project plans, etc., both in written and oral form.

Qualifications

EDUCATION & EXPERIENCE:

·    Undergraduate degree with seven years or Graduate degree with five years of Cybersecurity technology and three years of Security controls in a technical environment with a variety of IT systems.

·    One or more current Security certifications (CISSP, CISM, Security+).

·    Experience supporting a technology infrastructure team such as Networking, Windows, Azure, Unix/Linux, etc.

REQUIRED SKILLS:

·   Experience in development of technical solutions for security policies and assist ensuring compliance with those policies and procedures. 

·   Experience with National Institute of Standards and Technology (NIST) Risk Management and Cybersecurity Framework.

·   Experience with FISMA, NIST 800-53, general IT control implementation, assessment, and maintenance process.

·   Familiarity with Governance, Risk and Compliance (GRC) frameworks and tools, such as CSAM.

·   Ability to tailor information security processes and tools, based on ever evolving and changing landscapes, doctrine, and risk scenarios.

·   Ability to conduct risk assessments, evaluating and quantifying risk based on NIST guidance.

·   Ability to apply critical thinking and defend proposed resolutions.

·   Fluency in both spoken and written English, including the ability to work with highly technical and specialized content. Must be able both prepare and deliver such content, verbally and in writing, but also comprehend such content from others, in both spoken and written form.

·   Ability to prepare deliverables with sufficient quality such that very few minor, or no, edits are required to be made prior to conveyance to the client.

·   Ability to quickly review the work products of others, employ your own knowledge of federal security doctrine, and ensure that timely and accurate feedback and recommended edits are delivered to the author(s). All work products should be ready for delivery to the client after only one review has been performed.

·   Ability to work in a fast-paced environment.

·   Outstanding customer service skills.

·   Ability to document and follow processes as needed.

·   Proficiency in explaining complex policies and protocols in simple terms.

·   Ability to stay up to date on information technology trends and security standards.

·   Ability to demonstrate excellent analytical thinking and problem-solving skills to be able to assess potential risks and develop possible solutions.

Candidates for consideration must be eligible to obtain and maintain a Public Trust clearance.

DESIRED SKILLS: A comprehensive understanding of IT security controls, tools, and concepts. Functional understanding of and technical experience in IT platforms such as Microsoft, Cisco, Oracle, etc. are also a plus.

Overview

SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective and efficient solutions that are critical to achieving our customers' missions.

We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity, and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.9 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.