Solidus Technical Solutions, Inc. Cybersecurity Risk Analyst in Lexington, Massachusetts
Solidus is searching for a Cyber Security Risk Analyst to assist in maintaining Enterprise System Security Plans and Plans of Action and Milestones (POA&M); developing policies, plans and procedures; conducting security compliance audits, Data Security Plans (DSPs), cybersecurity risk analysis and information security risk assessments in accordance with cognizant standards; and applying information security industry best practices.

Responsibilities:
* Develop policies, plans and procedures IAW Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, and Cyber Maturity Model Certification (CMMC).
* Perform risk analysis and reporting on DFARS, NIST, RMF, and NISPOM compliance.
* Audit information systems according to NIST SP 800-37, 800-171 and 800-53, CMMC, NISPOM and DFARS frameworks.
* Assess requirements for compliance with government regulations and prepare documentation and policy IAW requirements.
* Perform complex analysis of the risk of security exceptions through the data security plan process.
* Recommend and develop mitigations to facilitate continued research despite exceptions from traditional security controls.
* Develop and enforce information security policy.
* Conduct staff security outreach and engagement.
* Assess security risks of cutting-edge technology.
* Support vulnerability management operations through documentation and reporting of findings to leadership.
* Support incident response and remediation efforts.

Required:
* US Citizenship and an Active Top Secret Security Clearance
* Bachelor's degree in Computer Science, Information Technology, Computer Information Systems, or a related field. Technical experience and skills, course work completed toward a degree, and industry IT certifications (e.g., CISSP, CISA) may be considered substitutes for education and experience.
* 3 to 5 years of experience with NIST 800-53/800-171 controls / NIST Risk Management Framework
* Demonstrated knowledge of the Defense Federal Acquisition Regulation Supplement, contract clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, and Cyber Maturity Model Certification (CMMC) cybersecurity framework requirements and security controls.
* Demonstrated capability in presenting ideas in writing and orally.
* Some local and overnight travel may be required (less than 10%).
* Experience with the following:
  * DISA STIGs/SCAP
  * Adversary Tactics, Techniques, and Procedures (TTPs)
  * Assessment and Authorization
  * Computer Intrusion Investigation
  * HBSS
  * Malicious Software Reverse Engineering
  * PKI, Multi-Factor Authentication, and PIV Technologies
  * Risk Management Framework (RMF)
  * BigFix IEM
  * Configuration Management

Preferred skills:
* Master's degree in one of the above fields is preferred; CISSP, CISA, CAP, Security+, GSEC, or equivalent.
* Prior experience in a DoD Industrial Security environment.
* Experience reviewing/analyzing vulnerability scans or configuring host-based security solutions is a plus.
* Familiarity with requirements identified in the National Industrial Security Operations Manual (NISPOM).

Req ID: 4009

Applicants selected must meet eligibility requirements for access to classified information. U.S. Citizenship may be required. Solidus is an Equal Opportunity Employer and participates in E-Verify.

NOTICE OF AFFIRMATIVE ACTION PLAN FOR INDIVIDUALS WITH DISABILITIES, DISABLED VETERANS AND OTHER PROTECTED VETERANS. It is the policy of this Company to seek and employ qualified individuals at all locations and facilities, and to provide equal employment opportunities for all applicants and employees in recruiting, hiring, placement, training, compensation, insurance, benefits, promotion, transfer, and termination.
To achieve this, we are dedicated to taking affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, and other protected veterans. The objective in adopting the Affirmative Action Programs is to place qualified individuals with disabilities, disabled veterans and other protected veterans in all job classifications. These Affirmative Action Programs are available for inspection by any applicant or employee by contacting the Company's EEO Coordinator, in the Human Resources office, Monday through Friday, 8am to 5pm. Please Note: Solidus does not accept applications from agencies, 3rd party vendors, or applications with incomplete information.