Cybersecurity Analyst (SME)

Description

Cybersecurity Analyst (SME)

About CICONIX: CICONIX LLC is a Veteran Owned Small Business specializing in business advisory and technical assistance for military health programs. We value exceptional people, unwavering integrity, inclusive collaboration, and enduring impact.

.

Location(s): Orlando, FL (on-site)

.

Position Details:

• Full-time position
• Regular weekly hours (0700-1600)
• No calls, nights, weekends, or holidays!
• Full benefit program, including: health, PTO, & 401k + contribution

.

Requirements:

• Active Secret Clearance Required
• Bachelor's degree preferred
• DHA Medical Simulation and Training experience preferred
• A minimum of IAT Level II certification IAW DODM 8570.01.

Summary:

CICONIX is seeking a Cybersecurity Analyst (SME) to support the Defense Health Agency (DHA) Medical Simulation and Training Program Management Office (MST PMO) in Orlando, FL.

.

About the Role:

• Support the efforts to coordinate the Certification and Accreditation (C&A) of systems in accordance with the Risk Management Framework outlined by the National Institute of Standards and Technology (NIST), DoD Instruction 8500.1. This includes supporting the development, coordination and support of initial C&A, Federal Information Security Management Act (FISMA) and re-accreditation requirements.
• Support the efforts to coordinate and ensure Assess and Authorization (A&A) of systems are IAW DoD Cybersecurity (CS) A&A Risk Management Framework (RMF) process and/or Intelligence Community Directives (ICD) 503/Director of Central Intelligence Directive (DCID) 6/3 guidance, DoDI 8500.01, DoDI 8510.01 and AR 25-2. This includes supporting development, coordination and support of initial A&A, Federal Information Security Modernization Act (FISMA) and re-authorization requirements.
• Provide Information Security (IS) engineering support to integrate required security characteristics and requirements into the performance objectives of the selected system. Support system security certifications to ensure that subject systems meet all applicable security regulations and standards and are able to complete successful certification test and evaluation events. In addition, the Contractor shall provide assistance to ensure that these systems are protected from known vulnerabilities.
• Support the preparation and generate required security A&A documentation and coordination with the Authorizing Official (AO) to obtain successful system accreditation. Security documentation includes, but is not limited to, artifacts required by RMF and National Institute of Standards & Technology (NIST) controls such as the Security Plan (SP), Continuity of Operations Plan (COOP), Configuration Management Plan (CMP) and when required a Plan of Action and Milestones (POA&M).
• Support the preparation and generate required security A&A documentation and coordination with the Authorizing Official (AO) to obtain successful system accreditation. Security documentation includes, but is not limited to, artifacts required by RMF and National Institute of Standards & Technology (NIST) controls such as the Security Plan (SP), Continuity of Operations Plan (COOP), Configuration Management Plan (CMP) and when required a Plan of Action and Milestones (POA&M).
• Provide Information Assurance Vulnerability Management (IAVM) support to include assisting with dissemination, installation, Information Assurance Vulnerability Alerts (IAVA) reporting, and compliance procedures for IAVM. The Contractor shall perform activities and tasks specified in AR 25-2 for PM, Information System Security Officers (ISSMs) and Information System Security Officers (ISSOs) and act as a liaison with supporting System Administrators (SA) and cybersecurity personnel to promote security in IS operations.
• Provide configuration management support of IS software and hardware, maintain software licenses and ensure security related documentation is current and accessible to properly authorized individuals.
• Ensure log files and audits are maintained and reviewed for all systems and that authentication (e.g., password) policies are audited for compliance.
• Review and evaluate the security effects of changes to systems and networks, including interfaces with other ISs, and document changes.
• Ensure cybersecurity posture and accreditation boundaries are not impacted during IS support and maintenance.
• Ensure no relevant security changes have been made to invalidate any previously authorized accreditation.
• Conduct self-assessments, document validation results and generate POA&M in support of the Control Approval Chain and Package Approval Chain activities in the US Army Enterprise Mission Assurance Support Service (eMASS) online database.
• Provide independent validation and assessment support by conducting vulnerability scans, determining Security Technical Implementation Guide (STIG) checklist compliance and reviewing a variety of DoD, Army, RMF and NIST documentation to include SP, CMP, CP and other A&A artifacts to assess the cybersecurity posture of subject systems. Once complete, the Contractor shall compile and analyze the results, document the results in eMASS and provide validation recommendations in support of formulating Interim Authorities to Test (IATT) and Authorities to Operate (ATO) A&A decisions.

.

Qualifications:

• Education:
  • Bachelor's degree preferred.
• Certification(s):
  • A minimum of IAT Level II certification IAW DODM 8570.01.
• Clearance:
  • Active Secret Clearance Required.
• Experience:
  • DHA Medical Simulation and Training experience preferred.
• Security & Background Check:
  • U.S. Citizenship and a successful background investigation are required.
  • Ability to obtain and maintain a government security clearance.
• Additional Requirements:
  • Willingness to comply with the government vaccination requirements.

This position is contingent and will begin upon contract award.

CICONIX LLC is an Equal Opportunity Employer, including disability/vets. We E-Verify all employees.

#LI-AD1