Cybersecurity Systems Analyst - Intermediate

  • Full-time

Company Description

Beaulieu & Associates, Inc. was founded in 2007 with the vision of being the antithesis of today's recruiting practices by offering a unique, high-end approach to IT Staffing and Recruiting.  Today more than ever, our clients appreciate our ability to understand their requirements and consistently find and engage great people. The depth of our offering goes way beyond traditional staffing.   In our world, integrity, trust and mutual respect encourage a spirit of true collaboration aimed at producing performance, results and overall value.

Our mission, our passion is helping people, teams and entire organizations achieve the success they desire.  Why not hire the best!

Job Description

Beaullieu & Associates is seeking candidates for Cybersecurity Systems Analyst - Intermediate position at FT Meade, Maryland.  This is a direct placement with a solid DOD Contractor.  The focus of this position will be to: 

  • Perform cybersecurity test and evaluation (T&E) of Information Technology/National Security Systems (IT/NSS) to assess system capabilities that support the protection of system data, detection of unauthorized system activities, reaction to system compromises, restoration of system capabilities, and continuous monitoring for system threats. 
  • Conduct cybersecurity T&E throughout the full system acquisition lifecycle, supporting both DCO and DoD mission systems. 
  • A cybersecurity T&E analyst follows and applies common T&E practices and DoD cybersecurity/information security directives and instructions during the following processes: identify requirements, verify user needs, develop evaluation approach, collect data, analyze data, and report on findings. 
  • Reviews, analyzes, and IT systems information security operations.  Reviews and analyzes blueprints, schematics, and technical drawings, diagrams, and specifications.  Must be able to review, analyze, and interpret customer information. 
  • Solicits system requirements and associated operational environments to produce an evaluation approach that supports T&E objectives.  Shares and briefs cybersecurity T&E project milestones to all levels of stakeholders. 
  • Conducts and may oversee cybersecurity testing of processes and products. 
  • Responsible for the design and implementation of test procedures to determine if standards and criteria are met. 

Knowledge of Continuous Monitoring and Risk Scoring (CMRS) - CMRS a web-based system, ability to conduct antivirus configuration, Security Technical Implementation Guide (STIG), and Information Assurance Vulnerability Management (IAVM) vulnerability and patch compliance are measured and reported. CMRS supports the risk-management approach to cybersecurity oversight by quantitatively displaying an organization’s security posture through the using a risk dashboards.  Using the risk dashboards, users can gather actionable direction, implement prioritized decisions, and ensure effectiveness of security controls in order to support their cybersecurity risk management duties:  Execute HP Fortify (quarterly) and ACAS (monthly) scans to monitor the baseline (per RMF continuous monitoring).

  1. Independent Verification & Validation testing - Execute required scans and validate STIG compliance: IV&V twice every quarter (once for each platform).
  2. Execute Hot Fix / patch /policy testing: once a month or as required based on criticality.
  3. Cybersecurity support – Review RMF, Interim Authorization To Test (IATT), Change Request documentation to resolve questions weekly.
  4. Cybersecurity Test and Evaluation  - Participate in the planning and performance of Security

Test and Evaluation (ST&E), Functional Testing

  1. Conduct testing of IAVM patch releases – weekly.

Qualifications

Ability to conduct Lab Based Security Testing and Evaluation (ST&E) – In order to obtain and maintain the required Authorization to Operate (ATO), the contractor shall conduct required government cybersecurity testing, assessment, and reporting on Secure Configuration Management portfolio capabilities to meet DoD/DISA security requirements including:

• Federal Information Security Management Act of 2002 (FISMA) requirements

• Federal Information Processing Standards (FIPS)

• National Institute of Standards and Technology (NIST) RMF for DoD IT A&A processes

Familiarization with All Assessment and Authorization (A&A) assessments using government approved validation tools including DISA STIGs and associated with Risk Management Framework (RMF) documentation. Ability to scanned with approved DISA systems including Retina and Assured Compliance Assessment Solution (ACAS); scanning tools such as Fortify for depth technical security audits of systems. 

  • Requires a minimum Secret Clearance
  • DoD 8570.01M IAT/IAM/IASAE Level II Certification
  • Analyst must possess experience with DoD’s defense in depth architecture; the capabilities associated with the DoD architecture; and IA/CND Policies and Procedures. 
  • Related certifications in the area of specialization may be substituted for 1 year of experience:

Additional Information

Are you interested? Please forward your resume and contact information. We will follow up with more details regarding this opportunity.  

Beaullieu & Associates is an Equal Opportunity Employer.