Job opening: Cybersecurity Analyst (Validator) NF5
Salary: $100 000 - 125 000 per year
Published at: Dec 06 2023
Employment Type: Full-time
Marine Corps Community Services (MCCS) is looking for the best and brightest to join our Team! MCCS is a comprehensive program that supports and enhances the quality of life for Marines, their families, and others in the Marine Corps Community. We offer a team oriented environment comprised of military personnel, civilian employees, contractors and volunteers who keep the organization functioning smoothly and effectively.
Duties
The Cybersecurity Analyst will serve within the Enterprise Cybersecurity and Compliance Office as a Validator. The validator will examine through demonstration, inspection, or analysis the extent to which a system or application meets a set of security requirements as specified by the Authorizing Official (AO), governing instructions, and directives. The Security Control Validator (SCV) develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating IT.
Requirements
- See Duties and Qualifications
Qualifications
Bachelors¿ Degree in Information Technology or Business related field appropriate to the work of position OR five years of experience performing specific tasks for Independent Verification and Validation (IV&V), security assessments, risk assessments, or cybersecurity (CY): OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above, OR appropriate experience that demonstrates that the applicant has acquired the knowledge, skills, and abilities equivalent to that gained in the above.Certification as an Information Systems Security Professional (CISSP) is required or equivalent level education and appropriate experience with DoD system security and information assurance (IA) policy and procedures.As an authorized and privileged user of Department of Defense Information Systems must fulfill the requirement to complete DoD Workforce Improvement Program certification (8570.01-M) as a condition of access within six months of employment.Expertise in: Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.Ability to analyze test data. Ability to collect, verify, and validate test data. Ability to translate data and test results into evaluative conclusions. Ability to ensure security practices are followed throughout the acquisition process.Ability to share meaningful insights about the context of an organization¿s threat environment that improve its risk management posture.Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).Ability to produce technical documentationAbility to conduct vulnerability scans and recognize vulnerabilities in security systemsAbility to prepare and present briefingsAbility to answer questions in a clear and concise mannerAbility to communicate effectively when writingProficient in/Experience with:Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.Skill in assessing the robustness of security systems and designs.Skill in conducting test events.Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).Skill in determining an appropriate level of test rigor for a given system.Skill in developing operations-based testing scenarios.Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.Skill in mimicking threat behaviors.Skill in writing test plansSkill in performing impact/risk assessmentsSkill in preparing Test & Evaluation reports Skill in running Security Content Automation Protocol (SCAP) content and Security Technical Implementation Guides (STIGS) based tools for benchmark, compliance checks, and security configuration reviews. Skill in system administration of Active Directory, Microsoft System Center Configuration Manager (SCCM)Greater than five years¿ experience in: all aspects of Information Assurance / Cyber Security, Information Security, and Network Security Programs for the USN and USMC; RMF, network defense, risk and compliance assessment, remediation, and mitigation; system and network engineering, administration, and security; physical security; forensic investigations; vulnerability scanning, analysis, remediation, and reporting; incident handling and responseExtensive experience in developing plans and schedules, estimating resource requirements, defining milestones and deliverables, monitoring activities, and evaluating and reporting accomplishments and deficienciesSkill in documenting security compliance related correspondence required by governing authorities and documenting instructions, guidance, and procedures to specified audiencesBroad Knowledge of:Knowledge of computer networking concepts and protocols, and network security methodologies.Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.Knowledge of cybersecurity and privacy principles.Knowledge of cyber threats and vulnerabilities.Knowledge of specific operational impacts of cybersecurity lapses.Knowledge of federal government enterprise information security architecture framework.Knowledge of authorization and assessment evaluation and validation requirements.Knowledge of Security Assessment and Authorization process.Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).Knowledge of network hardware devices and functions.Knowledge of Risk Management Framework (RMF) requirements.Knowledge of network traffic analysis methods.Knowledge of secure configuration management techniques. (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org).Knowledge of systems testing and evaluation methods.Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).Knowledge of Personally Identifiable Information (PII) data security standards.Knowledge of Payment Card Industry (PCI) data security standards.Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.May serve as a liaison for communication and response to task orders issued by Marine Forces Cyber Command (MARFORCYBER), HQMC C4, Marine Corps Installations Command (MCICOM), and Marine Corps Systems Command (MCSC) for all Information Technology and Cybersecurity initiatives.This position has been designated as a position of trust. The incumbent must be eligible for an Access National Agency Check and Inquiries (ANACI/ Tier 3) background investigation to review and respond to SIPRNet Task Orders (TASKORD), Warning Orders (WARNORD), Fragmentary Orders (FRAGO), and Operational Directives (OPDIRS) for all Cybersecurity Incident Response tasks. Appointment and continued employment is subject to a favorable adjudication of the security investigation.Eligible for incremental telework as determined by MR/MF policy.
Contacts
- Address BUSINESS AND SUPPORT SERVICES
DIVISION
3044 CATLIN AVE
QUANTICO, VA 22134-5003
USA
- Name: BUSINESS AND SUPPORT SERVICES
- Phone: 703/432-0435
- Email: [email protected]
Map