Cyber Security Analyst
Mechanicsburg, PA 17055
Essential Duties and Responsibilities: (Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position)
* Assist with development and maintain Operational Level Agreements (OLAs) and end-to- end Standard Operating Procedures (SOPs) to identify collaborative responsibilities and support process interaction with other Government and contractor IT groups.
* Develop and maintain a detailed policy matrix mapping Federal, DoD, and local policies to the required security controls as identified by National Institute of Standards and Technology (NIST) SP 800-53 and DoDI 8510.01. Documents include but are not limited to:
* Standard Operating Procedures (SOPs)
* Agency Training (e.G., cyber awareness, computer incidents, malicious codes, etc.)
* Contingency Plan
* Security Assessment Report (SAR)
* Cybersecurity Instruction
* Concept of Operations (CONOPS)
* Incident Response Plan (IRP)
* Configuration Management Plan (CMP)
* System Authorization Access Request (SAAR)
* Vulnerability Management Plan
* System Security Plans (SSP)
* Plan of Actions and Milestones (POAMs)
* Administer CS training, to include the annual Cyber Awareness Challenge training per DoDD 8500.1 and compliance with the requirements of DoDD 8570.1 and DoD 8570-M for the IA Workforce Improvement Program (WIP).
* Provide operational risk management support for CS-managed systems, whether networked or standalone. The networks include varying security classifications, architectures, mobile devices, Virtual Private Networks (VPNs) and other remote access architectures and technologies, including Secure Socket Layer.
* Provide CS' portion of the Tier 3 Computer Network Defense (CND) services in accordance with DoDI O-8530.2, CJCSI 6510.01E, and CJCSM 6510.01.
* Support enterprise level Information Assurance Vulnerability Management (IAVM) and DoD Reporting Management and Support including vulnerability management oversight activities for all assets in the " Test" and " Production" enclaves and all standalone systems.
* Participatein the CS change management process including attending the weekly Enterprise Change Control Board (ECCB) meetings, reviewing Requests for Change (RFCs) distributed in email, and performing risk assessments on hardware and software.
* Evaluate all newly deployed servers and applications in the " Test" and " Production" enclaves and verify that the asset entries have been created in the DoD DPMS and ensure vulnerabilities have been mitigated and STIGs have been applied.
* Review applications by performing an automated and/or manual scan of the application code and report findings in the application code scan to the SA for developer or remediation.
* Plan and execute compliance, Assessment and Authorization (A&A) activities in support of CIO's role as AO for client and its subcomponents including the following tasks:
* Perform system registration in eMASS on behalf of the system owner
* Perform system registration in DITPR on behalf of the system owner
* Update eMass with IA Controls on behalf of system owner
* Update eMASS POA&M information when required on behalf of the system owner
* Provide support the DoD Risk Management Framework (RMF) for all Information Systems (IS), enclaves, and application systems under the purviewof the CIO per DoDI 8510.01.