Falconwood, Inc. is a woman/veteran-owned business providing executive level consultants and programmatic support to Department of Defense (DoD) Information Technology (IT) initiatives and programs.
We provide expert consultation on a diverse range of IT subjects focusing on acquisition strategy, implementation activities, and Cyber Security policy and engineering.
We have an immediate opening for a Cyber Security Analyst to provide cyber security support, develop, and maintain DoDI 8510.01 compliant risk management framework (RMF) authorization packages for all assigned Logistics Integrated Information Systems-Marine Corps (LI2S-MC) systems and applications.
Responsibilities
The Cyber Security Analyst:
Provide Cyber Security guidance and documentation throughout the system development life cycle for Marine Corp systems and applications
Develop and maintain detailed cybersecurity project plans for all assigned systems. Cybersecurity project plans shall identify all action items necessary to obtain and maintain, system authorization; maintain FISMA compliance and implement the systems continuous monitoring strategy; account for known system inspections, and system milestone events
The contractor shall utilize the Marine Corps Certification and Accreditation Support Tool (MCCAST) for the authoritative authorization packages as per the references:
Support the PM, Cyber Lead, and ISSM throughout all phases of the security authorization process
Oversee cybersecurity testing to assess security controls and recording security control compliance status during the continuous monitoring phase of the lifecycle
Ensure the completion of cyber related programs, projects, or tasks within estimated timeframes and budget constraints
Provide Cyber Security guidance at meetings, briefings, and design reviews, and during system development in accordance with prevailing Cyber regulations and policies
Ensure Cyber Security system designs that properly mitigate identified threats and vulnerabilities
Review and approves test and evaluation activities to validate those threats and vulnerabilities are mitigated
Perform system security reviews and Certification & Accreditation (C&A)/ Assessment and Authorization (A&A)
Conduct A&A process for IT systems and networks in accordance with the DoD Risk Management Framework process
Develop the Security Plan, Security Assessment Plan, Security Assessment Report, and Executive Summaries
Assess C&A impact based on ACAS and STIG results, and identified the strength of the mitigation or remediation
Report package status and risks weekly to senior level government leadership
Qualifications
Required Qualifications:
Minimum SECRET clearance
5+ years of direct experience in cyber security
Security plus certification
BS Degree in Cyber Security/Engineering field (e.g. Computer, Electrical, Mechanical, Systems, Security)
Experience with independently performing validator activities defined in the Navy RMF process guide and applying RMF guidance to Marine Corp or DoD A&A efforts
Marine Corps Certification and Accreditation Support Tool (MCCAST)
Experience with test and evaluation for allocating assigned security controls into assessment objectives and procedures, developing and executing Security Assessment Plans (SAP)
Experience with vulnerability assessment scanning tools and reporting, intrusion detection technologies, intrusion prevention technologies
Knowledge of DoD published Security Technical Information Guidance (STIG) requirements and implementation or compliance process
Firm understanding of DISA CAL boundaries and experience coordinating with the PPSM team to register ports not registered within the latest DISA's CAL boundary list
Firm understanding of sensitive data types and cybersecurity protections associated with that data (e.g. PII, PHI, )
Possess knowledge of current security threats, techniques, and landscape (threat vectors) as well as information systems security requirements to be implemented during system design
Experience with business/operations solution architectures (i.e. portals, service management, networks, inventory)
Skilled in project management and engineering technical management techniques, principles, and practices
Proficiency in Microsoft Office applications, particularly Visio, Word, Excel, and PowerPoint
Ability to think independently with minimal oversight, as well as demonstrate exceptional written and oral communications skills
Exemplary customer/client management skills and techniques
Desired:
MS Degree in Cyber Security/Engineering field (e.g. Computer, Electrical, Mechanical, Systems, Security)
10+ years of cyber security
IAM/IAT III - Certified Information Systems Security Professional (CISSP) Certification or equivalent
Experience with contingency planning, firewall policy, and ports and protocols, and service management
Experience with Microsoft Public Azure, Azure Pack and Azure Stack and related Microsoft technologies (Hyper-V, ADR, SCCM, SCOM)