Job Details
As an Information Systems Security Officer, you will be entrusted with the critical responsibility of safeguarding the integrity of operating systems and applications. Your role will require you to adeptly identify, select, and implement the most appropriate security controls tailored to a variety of environments. You will be expected to construct and perpetually update bodies of evidence for managed information systems, custom applications, services, and networks. Your expertise will also extend to the creation and distribution of system security policies and processes, ensuring that the operational risk remains minimal. Moreover, you will be conducting internal vulnerability assessments and coordinating with external entities to facilitate audits.
Your day-to-day tasks will involve a high degree of collaboration, requiring you to work closely with other departments such as Program Management, Engineering, and Software Development to synchronize security-related activities. You will be producing comprehensive documentation to meet information security requirements, including the development of full Authorization to Operate (ATO) Packages and supporting documents like System Security Plans (SSPs), Risk Assessment Reports (RARs), Plans of Actions and Milestones (POA&Ms), Security Control Traceability Matrices (SCTMs), Requirements Traceability Matrices (RTMs), Security Life Cycle Models (SLCMs), Security Assessment Reports (SARs), Certification Test Reports, as well as Briefings and Training products. Additionally, you will play a pivotal role in facilitating a secure change management process and the associated Change Control Boards (CCB).
To excel in this role, you will benefit from a strong background in cloud and containerization technologies, specifically Azure and Kubernetes. Proficiency in Linux and an understanding of CI/CD pipelines will be crucial for your success. Your ability to navigate these tools and processes will be fundamental in executing your duties effectively. The experiences that will serve you well in this position include a history of developing and managing security documentation, a track record of successful collaboration across various functional areas, and a demonstrated capability in conducting vulnerability assessments and compliance audits. Your role is pivotal in maintaining the security posture of the organization, and your contributions will be instrumental in protecting critical information assets.
Basic Skills Requirements:
- Identify, select, and implement applicable security controls for various operating systems and applications
- Develop and maintain bodies of evidence (BOE) for managed information systems, custom applications, services, and networks
- Develop and disseminate system security policies, processes, and similar governing products in service of maintaining a low operational risk picture
- Conduct internal vulnerability assessments and facilitate external audits
- Coordinate security-related tasks and activities across other functional areas (e.g., Program Management, Engineering, Software Development)
- Produce documentation in response to, and in satisfaction of, information security requirements
- Develop full ATO Packages and ATO supporting documentation, such as SSPs, RARs, POA&Ms, SCTMs, RTMs, SLCMs, SARs, Certification Test Reports, Briefings, and Training products
- Assist in a secure change management process and related Change Control Boards (CCB)
- Cloud technology familiarity, Azure preferred
- Understanding of Kubernetes and containerization technologies
- Understanding of CI/CD pipelines