Cybersecurity Certification And Accreditation Analyst

Phoenix Cyber

📍 Remote - Worldwide

Summary

Join Phoenix Cyber as a Cybersecurity Certification and Accreditation Analyst! This remote position offers the chance to work from home with minimal travel. You will be responsible for application security controls, RMF compliance, and Authority to Operate, serving as a Subject Matter Expert (SME) in cybersecurity. The ideal candidate possesses a Bachelor's degree in a technical field, 5+ years of relevant experience, and a DOD Secret Clearance. Experience with RMF, NIST C&A, eMASS, and DIACAP is crucial. You'll be evaluating security controls, briefing senior management, and ensuring compliance with established policies and procedures. This role requires expertise in NIST 800-53 and 800-82 security controls and proven leadership abilities.

Requirements

  • Have a Bachelor's Degree in a technical discipline or equivalent and 5+ years of related experience
  • Have 5 years of relevant Risk Management Framework (RMF) and NIST C&A experience
  • Have DOD cybersecurity experience
  • Have 3+ Years of experience with Enterprise Mission Assurance Support Service (eMASS)
  • Have DOD Secret Clearance
  • Have experience in assessing security controls and conducting authorization reviews for large, complex organizations
  • Have 5+ Years of experience producing and maintaining DoD Certification & Accreditation Packages (DIACAP) or RMF package development and submission
  • Have 5+ Years of experience understanding and implementing DoD, DISA, Joint Staff, CNSSI and NIST cybersecurity instructions, publications and policies
  • Have 5+ Years of experience in understanding and validating NIST 800-53 Security Controls; CNSSI 1253 Security Controls and Overlays
  • Demonstrate knowledge of Cyber Security and enterprise cyber security solutions

Responsibilities

  • Be responsible for all application security controls, RMF compliance, and Authority to Operate
  • Deliver projects successfully and communicate effectively with all levels of staff when reporting project status; both are key to success in this position
  • Serve as a Subject Matter Expert (SME) in cybersecurity, ensuring that all information systems are authorized in compliance with established policies and procedures
  • Evaluate security controls, determine the severity of vulnerabilities, and brief senior management on the progress of information systems undergoing the authorization process
  • Serve as a cybersecurity Subject Matter Expert (SME) with regards to the authorization of information systems and all associated cybersecurity policies and procedures
  • Be fully versed in the general tenets supporting the overall DOD implementation of its authorization process, to include supporting cybersecurity policy, procedures and processes
  • Perform a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization
  • Possess an understanding of how the security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization's IT infrastructure
  • Conduct accurate evaluation of the level of security required
  • Possess an understanding of how the security controls identified in the NIST 800-53 and NIST 800-82
  • Determine the applicable severity value for an identified vulnerability (e.g., non-compliant security control), and determine the possible ramifications on the system's current or future authorization
  • Brief senior management on the progress or results of an information system undergoing the authorization process
  • Utilize DoD tracking systems to input/document cybersecurity deficiencies, vulnerabilities, and change requests in the appropriate tracking system for each program, e.g., Jira, HP ALM, and eMASS
  • Implement, document, and maintain baseline configuration frameworks for a range of IT systems, including operating systems and applications, with a focus on industry-recognized standards such as CIS (Center for Internet Security) and DISA STIGs (Defense Information Systems Agency Security Technical Implementation Guides)
  • Assess and continuously monitor cybersecurity risk ensuring that legacy and new capabilities adhere to enterprise standards such as Risk Management Framework (RMF), Cybersecurity Framework (CSF), and National Institute of Standards and Technology (NIST)

Preferred Qualifications

  • Have proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness
  • Have knowledge of audit and assessment activities and processes
  • Have proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously
  • Have ability to interpret and communicate highly complex technical information clearly and articulately for all levels and audiences

Benefits

  • Remote, work-from-home position
  • Possibility of minimal travel within the continental United States
