The Laboratory is required by contract to implement provisions of the Defense Federal Acquisition Regulation Supplement, contract clause 252.204-7012, ‘‘Safeguarding Covered Defense Information and Cyber Incident Reporting.’’
A DFARS provision requires that risk to information systems be periodically assessed. A similar requirement is specified in the Risk Management Framework (RMF) and Command Cyber Readiness Inspections (CCRI) that govern collateral systems. This position performs auditing and advisory functions that satisfy these requirements.
RESPONSIBILITIES AND DUTIES
The Cybersecurity Risk Analysis Team is a Tier-3 technical analysis section within the Information Security Group. The team provides specialized technical and operational threat intelligence and analysis capabilities in support of many challenging technical security issues within the Laboratory.
The Cybersecurity Risk Analyst uses his/her technical experience to quickly understand multiple networked computer environments and determine whether the appropriate level of security measures are in-effect based on applicable security best practices and/or governing policies and regulations. This position requires collaboration with other highly skilled members of the Information Security Group, Security Services Department (SSD), and Information Services Department (ISD). The position works with both research and operations staff to provide timely and quality guidance and oversight to ensure that regulatory and compliance risks are adequately identified, communicated, and tracked for remediation. This position is primarily responsible for conducting security compliance audits, Data Security Plans (DSPs), cybersecurity risk analysis, information security risk assessments and policy, process and procedure development in accordance with cognizant DoD standards, as well as information security industry best practices. The position performs audits of classified and unclassified Information Systems (IS) to ensure compliance with applicable laws and government regulations, including the National Industrial Security Program Operation. Manual (NISPOM) guidelines regarding the protection of classified information systems, National Institute of Standards and Technology (NIST) standards and special publications, and Laboratory Information System Security Procedures. The position requires significant report writing and briefing to key staff members, Group and Division Leadership across the Laboratory. The position also requires a high level of communication skills, to include the ability to provide training and briefings to all levels of the organization. Excellent writing skills are required in order to complete extensive written reports, documenting inspection findings and observations,
Primary Duties Include:
•Audit information systems according to NIST SP 800-37 and 800-53, NISPOM and DFARs frameworks
•Perform risk analysis and reporting on DFARs, NIST RMF, and NISPOM compliance
•Perform complex analysis of the risk of security exceptions through the data security plan process
•Recommend and develop mitigations to facilitate continued research despite exceptions from traditional security controls
•Develop and enforce information security policy
•Conduct staff security outreach and engagement
•Assess security risks of cutting-edge technology
•Support vulnerability management operations through documentation and reporting of findings to lab leadership
•Provide information security data protection recommendations based on data categorization (e.g., CUI, ITAR, PII, etc)
•Support incident response and remediation efforts
• Must be a U.S. citizen with the ability to obtain and maintain a Top-Secret security clearance
• Bachelor’s degree. Preference to candidates with technical degrees in Computer Science, Information Technology, Computer Information Systems, or related field.
• Technical experience and skills, course work completed toward a degree, and industry IT certifications (i.e., CISSP, CISA) may be considered substitutes for education and experience
• CISSP, CISA, CAP, Security+, GSEC, or equivalent
• 3-5 years of experience with NIST 800-53 controls / NIST Risk Management Framework
• Experience reviewing/analyzing vulnerability scans or configuring host-based security solutions is a plus.
• Demonstrated capabilities in presenting ideas written and orally are required.
• Master’s degree in one of the above fields is preferred
• Prior experience in a DoD Industrial Security environment is preferred.
• Familiarity with requirements identified in the National Industrial Security Operations Manual (NISPOM) regarding the protection of classified information systems is preferred
WORKING LOCATIONS & ADDITIONAL INFO
• Location: Lexington, MA 02420
• Travel: Some local and overnight travel may be required (less than 10%)
• Employment Status: Full-Time Employee with full benefits (Medical, Dental, Vision, STD, LTD, PTO, Retirement)
• Other: All candidates must also successfully pass a Commercial Background Investigation (CBI). Investigation (CBI).
This job posting sets forth the authorities and responsibilities of this position, which may be changed from time to time as shall be determined.
Odyssey Systems Consulting Group, LTD. is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, national origin, disability, sexual orientation, gender identity or expression, marital status, genetic information, protected veteran status, or other factors protected by federal, state, and/or local law. This policy applies to all terms and conditions of employment, including: recruiting; hiring; placement; promotion; termination; layoff; recall; transfer; leaves of absence; compensation; and training.
- Military Leave
- On Site Cafeteria
- Vacation/paid time off
- Employee Events
- Gym Memberships
- Professional Development
- Life Insurance
- Employee Referral Program
- Medical, Dental and Vision
- Paid Holidays
- Tuition Reimbursement
- Flexible Spending Accounts
- Paid sick days
- Maternity/Paternity Paid Leave
- Retirement / Pension Plans