Cybersecurity Analyst (Mid)

Cybersecurity Analyst (Mid)

Bowhead seeks a Mid-Level Cybersecurity Analyst to join our team supporting the Program Office for Logistics Integrated Information Solutions – Marine Corps (LI2S-MC) in Stafford, VA. The Cybersecurity Analyst will work directly with the client analyzing complex and unique technical support assignments and lead or collaborate with engineers, cybersecurity personnel, logisticians, and program analysts within a scaled agile environment.

The Senior Cybersecurity Analyst will be involved in strategic planning and decision-making related to cybersecurity initiatives within an organization. They will contribute to the development of cybersecurity policies and procedures. They will also be responsible for assessing and managing cybersecurity risks at a strategic level.

Responsibilities

• Perform cybersecurity tasks for Global Combat Support System- Marine Corps (GCSS-MC) applications, components, sub-components, and environments in support of the GCSS-MC system, cloud migration effort, and audit remediation.
• Provide documentation annually that all personnel have obtained and maintained their DoD 8140 required certification.
• Confirm compliance of all personnel's annual IA awareness training status to the GCSS-MC PMO information systems security manager (ISSM).
• Follow DoD/US Navy/Marine Corps cybersecurity processes and procedures to protect U.S. Government sensitive information.
• Support GCSS-MC cloud migration and audit, update all GCSS-MC cybersecurity documentation in accordance with DOD policy and instruction as required by the ISSM and upload that documentation to a location identified by the ISSM where it is accessible to authorized individuals.
• Use the Government cybersecurity tool, Marine Corps Certification and Accreditation Support Tool (MCCAST), to manage Assessment and Authorization (A&A) documentation and workflow. The Government shall facilitate access and training for the MCCAST tool.
• Verify registration of all software used in the LI2S-MC portfolio of systems in the Department of the Navy Application and Database Management System (DADMS).
• Maintain DADMS, DoD Directive Information Technology Portfolio Repository-Department of the Navy (DITPR-DoN), data center inventory site, and other database repositories containing PM LI2S-MC data. In addition, maintain information provided by the Government in these repositories that support acquisition and non-acquisition events.

In support of the cloud migration and audit:

• Verify and validate that security updates and patches are tested and applied to software and operating systems. Document all findings in a weekly report.
• Generate software quality code reviews with Government provided automated tool(s).
• Maintain a security Plan of Action and Milestones (POA&M) that lists all vulnerabilities identified by every assessment, and when that assessment identified the vulnerability, in accordance with DoD and USMC Risk Management Framework policies.
• Review, implement, and maintain the role-based access controls (RBAC) in support of the GCSS-MC and sub-components privileged user access.
• Review information assurance vulnerability management (IAVMs), communications tasking orders (CTOs), Marine Corps directives (MCDs), operational directives (OPDIRS), vulnerability alerts, and vendor notifications to determine applicability to GCSS-MC/LCM Family of Systems (FoS) and to assess impact and provide assessment to the ISSM.

In addition, track, report status, and provide remediation suggestions for the vulnerabilities.

• Support all activities required for maintaining the authority to operate (ATO) and Federal Information Security Management Act (FISMA) compliances.

These activities include, but are not limited to:

• Annual Security Reviews, Annual Security Control testing, Annual Contingency Plan testing, and quarterly update and submission of a quarterly Plan of Action and Milestones (POA&M).
• Support cybersecurity testing by generating:
• A cybersecurity detailed test plan (DTP) required when testing for accreditation that identifies specifically how the system should be tested
• Thorough risk assessment that identifies the security posture of the system.
• Conduct testing (pre/post) scans for the LI2S-MC systems/requirements related to system accreditations.
• Participate in cybersecurity discussions and vulnerability assessment scan reviews and provide technical guidance and solutions implementing cybersecurity best practices which will increase the security of the system and mitigate or eliminate vulnerabilities. The technical guidance and solutions must align with applicable security technical implementation guides (STIGs).
• Generate, review, and update cybersecurity documentation as required by MCSC risk management framework (RMF) processes.

Support cyber readiness inspection (CRI) and IV&V events as required by the GCSS-MC PMO ISSM. This task includes but is not limited to:

• Reviewing and updating systems security documentation, performing pre-assessment scans, analyzing vulnerability scan results, analyzing, and updating configuration documentation, evaluating STIGs, evaluating test results, preparing, and reviewing POA&Ms, and providing remediation options for vulnerabilities.
• All vulnerabilities shall be identified in the Security POA&M.
• Other duties as assigned

Qualifications

• BA/BS degree from an accredited college or university; MA/MS degree preferred.
• At least six (6) years of professional experience including at least four (4) years of specialized experience on high visible or mission critical projects within DoD.
• Experience with Navy or Marine Corps programs preferred.
• Proven ability to work on high visible or mission critical aspects of a given program and performs all functional duties independently.
• Ability to manage the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific task.
• Intermediate to advanced level skills in Microsoft Office software suite - Word, Excel, Outlook, PowerPoint.
• Ability to communicate effectively with all levels of employees, Government personnel, and other stakeholders.
• Strong interpersonal skills, good judgment, and the ability to lead a team or perform independently.

SECURITY CLEARANCE REQUIREMENTS: Must be able to maintain a security clearance at the Secret level. US Citizenship is a requirement for Secret clearance at this location.

Physical Demands:

• Must be able to lift up to 15-25 pounds
• Must be able to stand and walk for prolonged amounts of time
• Must be able to twist, bend and squat periodically