Sr. Cyber Security Analyst

Information Assurance, Assessment and Authorization, eMASS, POAM, SCAP
Full Time
Telecommuting not available. Travel required up to 10%.

Job Description

Required Certification: DoD 8570 IAT Level II certified. Requires Security+ in addition to a computing environment (CE) certification (e.g. LFCS, MCSA, CCNA).

Required Clearance: Secret (minimum); TS/SCI preferred.



  • If you enjoy an employee/hacker type of culture and environment, this is the place for you!
  • Unlimited vacation (within reason, of course!)
  • Stock Options
  • Free MacBook
  • Signing Bonus 

Company Profile:

Grimm is an exciting cyber research company working at the leading edge of information security. We are involved in all aspects of cyber security, including risk management, extreme testing, security evaluation, and custom development.


Position Description:

Grimm is seeking an experienced Cyber Security Analyst with DoD certification and accreditation (C&A) and hands-on IA/Cyber Security operational experience. 

  • The successful candidate will provide the Information Assurance (IA) analysis and Assessment and Authorization (A&A) expertise required to execute every step needed to obtain RMF accreditations and to maintain complete C&A packages for client systems.
  • The candidate will review security requirements, products, configurations, and IA architectures to ensure that the security architecture and associated accreditation documentation meet Agency and DoD IA controls and standards.
  • The candidate will provide advice and recommendations on IA and A&A matters along with programmatic support in dynamic and challenging environments, including participating in collaboration team meetings, coaching program managers and IA/Cyber Security practitioners through certification and compliance processes, and tracking critical IA/RMF processes and elements.
  • The candidate will draft required RMF documents and artifacts in support of accreditation actions and perform A&A validation.
  • The candidate will maintain the accurate, steady, and consistent flow of information in response to client direction through established processes.
  • The candidate will be experienced and successful at solving complex cyber security issues, and will enjoy working in a dynamic, responsive, and collaborative environment dedicated to the success of our customers against advanced, persistent threats.



  • 5-8 / 8-12 years of experience in A&A and information assurance, including current hands-on experience with and detailed knowledge of DoD Information Assurance processes, including the Risk Management Framework (RMF).
  • Knowledge of network architecture and of how it relates to IA controls is required, as is experience in the Assessment and Authorization (A&A) process, specifically under RMF.
  • Experience with eMASS and the NIST Risk Management Framework is required.
  • Must possess the ability to identify unique system security characteristics, interview key organizational personnel, compose requisite documentation, and map complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices.
  • Must have the ability to communicate with and distill information from technical resources during formal and informal meetings.


Duties/Required knowledge: 

  • Provide project support/interaction between the client’s Cyber Security environment and other groups/agencies environments
  • Support C&A/A&A type activities for multiple projects/programs
  • Process refinement to align, streamline, and automate the test and certification activities that support internal and external projects' SDLC processes
  • Strong background and experience supporting Risk Management Framework (RMF) and associated activities
  • Support installation and certification/vulnerability/penetration testing of infrastructure servers/ tools, COTS/GOTS products and custom applications in a virtual environment
  • Senior-level experience designing, conducting, and documenting certification and vulnerability tests and activities.
  • Background supporting structured environments (e.g., CMMI and/or ISO compliant)
  • Extensive C&A/A&A experience in a COTS intensive system environment
  • Solid understanding of Controls Validation and implementation
  • Experience with SharePoint or a similar suite of collaboration and development tools
  • Experience with Agile methodologies for development and test
  • Experience with eMASS / MCCAST A&A systems is required.


Daily Duties:

Manage and Employ ACAS

  • Configure scans
  • Initiate scans
  • Review results
  • Create custom reports
  • Update ACAS software and signatures

Create and Maintain Documentation

  • POAM Generation
  • POAM review
  • Report results aggregation
  • Determine applicability through research and coordination

IAVM Review

  • Determine applicability through research and coordination
  • Update documentation
  • Track status via defined methods

Manage and Employ SCAP/SCC

  • Configure scans
  • Initiate scans
  • Review results
  • Update SCAP definitions

Checklist/STIG review

  • Checklist generation and management
  • Determine availability of new STIGs
  • Update checklists to new STIG versions
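The checklist review and POA&M generation duties above, as an added example that is not part of the job posting or of any Grimm tooling: a small Python script that parses a STIG Viewer checklist (.ckl) and produces per-CAT counts of Open findings plus one POA&M row per Open finding. The element names (CHECKLIST/STIGS/iSTIG/VULN with STIG_DATA name/value pairs) are assumed from the .ckl layout, the severity-to-CAT mapping is the usual DISA convention, and the sample checklist embedded below is constructed for the example.

```python
"""Summarise a STIG Viewer .ckl checklist for POA&M review.

Added example, not part of the original posting. Element names follow the
STIG Viewer .ckl layout as an assumption; SAMPLE_CKL is constructed data.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# STIG Viewer severity values mapped to DISA CAT levels (assumed convention).
CAT_LEVEL = {"high": "CAT I", "medium": "CAT II", "low": "CAT III"}

# Constructed sample checklist: two Open, one NotAFinding, one Not_Reviewed.
SAMPLE_CKL = """<?xml version="1.0" encoding="UTF-8"?>
<CHECKLIST><STIGS><iSTIG>
  <STIG_INFO>
    <SI_DATA><SID_NAME>title</SID_NAME><SID_DATA>Example OS STIG</SID_DATA></SI_DATA>
  </STIG_INFO>
  <VULN>
    <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-000001</ATTRIBUTE_DATA></STIG_DATA>
    <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>high</ATTRIBUTE_DATA></STIG_DATA>
    <STIG_DATA><VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE><ATTRIBUTE_DATA>Accounts must have a password</ATTRIBUTE_DATA></STIG_DATA>
    <STATUS>Open</STATUS>
    <FINDING_DETAILS>Two local accounts have empty password fields.</FINDING_DETAILS>
    <COMMENTS></COMMENTS>
  </VULN>
  <VULN>
    <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-000002</ATTRIBUTE_DATA></STIG_DATA>
    <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA></STIG_DATA>
    <STIG_DATA><VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE><ATTRIBUTE_DATA>Audit logging must be enabled</ATTRIBUTE_DATA></STIG_DATA>
    <STATUS>Open</STATUS>
    <FINDING_DETAILS></FINDING_DETAILS>
    <COMMENTS></COMMENTS>
  </VULN>
  <VULN>
    <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-000003</ATTRIBUTE_DATA></STIG_DATA>
    <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>low</ATTRIBUTE_DATA></STIG_DATA>
    <STIG_DATA><VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE><ATTRIBUTE_DATA>Login banner must be displayed</ATTRIBUTE_DATA></STIG_DATA>
    <STATUS>NotAFinding</STATUS>
    <FINDING_DETAILS>Banner verified.</FINDING_DETAILS>
    <COMMENTS></COMMENTS>
  </VULN>
  <VULN>
    <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-000004</ATTRIBUTE_DATA></STIG_DATA>
    <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA></STIG_DATA>
    <STIG_DATA><VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE><ATTRIBUTE_DATA>Unused services must be disabled</ATTRIBUTE_DATA></STIG_DATA>
    <STATUS>Not_Reviewed</STATUS>
    <FINDING_DETAILS></FINDING_DETAILS>
    <COMMENTS></COMMENTS>
  </VULN>
</iSTIG></STIGS></CHECKLIST>"""


def parse_checklist(xml_text):
    """Return one dict per VULN: STIG_DATA attributes flattened into keys,
    plus the STIG title, STATUS, FINDING_DETAILS and COMMENTS."""
    root = ET.fromstring(xml_text)
    vulns = []
    for istig in root.iter("iSTIG"):
        title = ""
        for si in istig.findall("STIG_INFO/SI_DATA"):
            if si.findtext("SID_NAME") == "title":
                title = (si.findtext("SID_DATA") or "").strip()
        for v in istig.findall("VULN"):
            rec = {"stig": title}
            for sd in v.findall("STIG_DATA"):
                rec[sd.findtext("VULN_ATTRIBUTE") or ""] = (sd.findtext("ATTRIBUTE_DATA") or "").strip()
            # A VULN with no STATUS element has not been reviewed; treat it as such.
            rec["status"] = (v.findtext("STATUS") or "Not_Reviewed").strip()
            rec["finding_details"] = (v.findtext("FINDING_DETAILS") or "").strip()
            rec["comments"] = (v.findtext("COMMENTS") or "").strip()
            vulns.append(rec)
    return vulns


def open_by_cat(vulns):
    """Count Open findings per CAT level. Not_Reviewed items are counted
    separately: an unreviewed control is not a closed one and must be chased."""
    counts = Counter()
    for v in vulns:
        if v["status"] == "Open":
            counts[CAT_LEVEL.get(v.get("Severity", "").lower(), "UNKNOWN")] += 1
        elif v["status"] == "Not_Reviewed":
            counts["Not_Reviewed"] += 1
    return dict(counts)


def poam_rows(vulns):
    """One POA&M row per Open finding. An Open finding with no finding details
    is flagged, since the POA&M entry needs the evidence behind the weakness."""
    rows = []
    for v in vulns:
        if v["status"] != "Open":
            continue
        rows.append({
            "weakness_id": v.get("Vuln_Num", ""),
            "title": v.get("Rule_Title", ""),
            "cat": CAT_LEVEL.get(v.get("Severity", "").lower(), "UNKNOWN"),
            "source": v["stig"],
            "details": v["finding_details"] or "MISSING: finding details required",
        })
    return rows


if __name__ == "__main__":
    found = parse_checklist(SAMPLE_CKL)
    print("Open findings by CAT:", open_by_cat(found))
    for row in poam_rows(found):
        print(row)
```

Run against a real checklist by replacing SAMPLE_CKL with the file contents; STIG Viewer exports one iSTIG per applied STIG, and the parser walks all of them. Treating Not_Reviewed as its own bucket, rather than folding it into NotAFinding, is deliberate: a checklist that is "clean" only because half its rules were never checked is the most common way a POA&M understates risk.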


Highly Desired:

Experience with specific COTS products or types of COTS/GOTS products, such as the following, is highly desired:

  • HP/Fortify Security Center
  • ACAS/Nessus
  • AppScan
  • CoreInsight
  • Remedy
Dice Id : 90760744
Position Id : 392072