Maximus is seeking a Cyber Security Analyst to join our EPA ISS program. This is a remote role and requires a public trust clearance. The team supports and sustains the client’s cybersecurity program. The team provides centralized management of security assessments; proposes information security technical and administrative solutions; performs analyses to ensure security controls are consistently implemented; integrates new technology with information security standards; develops and executes plans for monitoring and assessing networks, systems and applications; and supports the sustainment of the Risk Management Framework (RMF).
The information system security analyst SME I will work with the compliance and risk management team to:
- Play a critical role in the assessment and authorization of new or existing systems.
- Collaborate with system owners and Subject Matter Experts (SMEs) in assessing the security posture of systems throughout the RMF lifecycle.
- Coordinate with stakeholders and system owners to ensure all NIST SP 800-53 controls are properly implemented and assessed throughout the ATO lifecycle.
- Coordinate with stakeholders to develop, and provide yearly reviews of, RMF system documentation, e.g., System Security Plan, Incident Response Plan, Configuration Management Plan, and Information System Contingency Plan.
- Interact with team members to ensure a comprehensive accreditation package is maintained.
- Provide high-level functional systems and cloud application analysis, design, integration, documentation, and implementation advice on moderately complex problems relating to cybersecurity that require an appropriate level of knowledge of the subject matter for effective implementation.
- Apply principles, methods, and knowledge of cyber security to specific task order requirements, and apply advanced principles and methods to address technical cybersecurity issues.
- Develop Plan of Action & Milestones (POA&Ms) to manage the mitigation of information system security weaknesses.
- Assist other senior consultants with analysis and evaluation to develop recommendations for system improvements, optimization, development, and/or maintenance efforts in related domains.
- Bachelor’s Degree and a minimum of two (2) years of cyber security experience in governance, risk, and compliance.
- Active and current CompTIA Security+ or equivalent.
- Knowledge and understanding of the National Institute of Standards and Technology (NIST) RMF Special Publications.
- Experience in supporting the steps in the Risk Management Framework (RMF).
- Strong network, FedRAMP/Cloud security background.
- Ability to conduct security control selection, tailoring, and overlays.
- Excellent technical writing skills and RMF control knowledge (must be able to technically document assigned area of responsibility as it relates to meeting the requirements of the control).
- Experience with developing POA&Ms (must be able to technically document mitigation strategies and milestones for findings associated with assigned area of responsibility).
- Ability to work in a team or independently.
- Excellent communication skills (verbal/written).
- Excellent project planning and time management skills.
- Experience with Microsoft Office, including Word, Excel, and PowerPoint.
- Ability to assimilate multiple inputs into a cohesive output/strategy.
- Experience with public speaking and ability to conduct meetings.
Years of Experience: 2+ Years
Minimum Education Required: Bachelor's Degree
Clearance Required: Public Trust
Due to federal client requirements, only US Citizens can be considered.
Candidates must have a CompTIA Security+ certification.
- CISSP/CISA/CISM/CRISC and 5+ years of cyber security experience.
- Strong network, FedRAMP/Cloud security background.
- Experience with the XACTA and Nessus scanning tools is a big plus.
Essential Duties and Responsibilities:
- Provide technical knowledge and analysis of highly specialized applications and operational environment
- Conduct A&A activities for multiple systems on the client's network, from document creation and security control implementation to assessments, reporting, and POA&M creation/mitigation
- Provide high-level functional systems analysis, design, integration, documentation and implementation advice on moderately complex problems relating to cybersecurity that require an appropriate level of knowledge of the subject matter for effective implementation
- Apply principles, methods, and knowledge of cyber security to specific task order requirements, and apply advanced principles and methods to difficult and/or narrowly defined technical problems in cybersecurity
- Assist other senior consultants with vulnerability analysis and evaluation and with the preparation of recommendations for system improvements, optimization, development, and/or maintenance efforts in related domains
- Experience with NIST guidelines
- Experience with RMF process and conducting risk assessments
- Familiarization with Xacta and vulnerability assessment reports
- Network and/or cloud security background
- Demonstrated ability to build trusted advisor relationships with clients
- Experience supporting sales and business development
- Experience with financial management
Years of Experience: 2-4
Minimum Education Required: Bachelor’s Degree