Cyber Security Analyst

Cyber Security Analyst

Oklahoma City, OK

Pay From: $100,000 per year

MUST:

Experienced Cyber Security Analyst

5+ years of relevant cybersecurity experience

Certification in one of: CISSP, CISM, FISMA, GCED, CASP required

Must have experience testing systems running NESSUS (Pro and SC), HP WebInspect, AppDetectivePro and analyzing results

Must have extensive experience running security assessments

Experience working with automated tools, including MetaSploit, BurpSuite, nMap, and Kali Linux

Networking knowledge in understanding architecture layers (FAA systems a plus)

Windows OS and Unix-based OS (RedHat, Solaris, etc.)

Basic database knowledge (Oracle, MS SQL, PostgreSQL, etc.)

C++ (scripting language) a plus

Must have familiarity with government Governance, Risk, and Compliance (GRC) tools such as CSAM, eMASS, and etc.

Must have a strong understanding, and knowledge of, NIST SP 800-53 rev 5 requirements and how-to tailor requirements based on agency security policies and directives

Ability to write and communicate effectively with Federal System Owners (SOs), Information System Security Officers (ISSOs), and ISS Assurance Managers

Must be articulate and a good communicator to develop detailed finding statements for discovered weaknesses and recommended actions to be completed in a Plan of Actions and Milestone.

Flexible to adapt to a changing environment and meet give hard deadline dates.

Must have a US Bachelors degree in a technical field, such as Engineering, Computer Science, Cybersecurity

DUTIES:

Participating in project/program teams and communicating results to matrixed reports

Conducting/analyzing Security Assessments on various size information systems to be granted an authority to operate (ATO), that include vulnerability scanning, and compliance audits to identify weaknesses.

Evaluating security controls to determine risk levels, mitigation strategies, and compliance with regulations that includes annual reviews and updates to address emerging threats.

Experience conducting analysis of test data, reviewing security documents such as the Security Configuration Diagram (SCD), System Security Plans (SSP), Information System Contingency Plans (ISCPs) and Security Operation Protocols (SOPs), and other artifacts collected as part of the assessment.

Developing/analyzing Security Assessment Reports and compliance with the Air Traffic Organization (ATO) baseline security controls

Understanding and knowledge of the FAA National Airspace System (NAS) and NAS operations

Understanding and knowledge of NAS technical operations maintenance processes and procedures

Understanding and technical knowledge of air traffic controls systems, including communications, navigation, surveillance, and automation systems

Knowledge of networking and various operating systems and networking devices, including Windows, Linux, Unix, and Solaris as well as Web Applications

Knowledge of the system authorization process, including initial authorization and continuous monitoring, to include review of FedRAMP packages for a given vendor

Knowledge of NIST ISS Guidance and Federal Information Security (ISS) Policy, including the Risk Management Framework (RMF)

Understanding of how Federal ISS requirements are applied during all phases of the system acquisition life-cycle, including acquisitions of Federally owned and operated systems, and Vendor owned and operated systems

Understanding and knowledge of the FAA National Airspace System (NAS) and NAS operations

Understanding and knowledge of NAS technical operations maintenance processes and procedures

Understanding and technical knowledge of air traffic controls systems, including communications, navigation, surveillance, and automation systems

*Quadrant, Inc. is an equal opportunity and affirmative action employer. Quadrant is committed to administering all employment and personnel actions on the basis of merit and free of discrimination based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or status as an individual with a disability. Consistent with this commitment, we are dedicated to the employment and advancement of qualified minorities, women, individuals with disabilities, protected veterans, persons of all ethnic backgrounds and religions according to their abilities.