hero

JOBS IN CHARLESTON | SC | USA
Find your next job opportunity with a selection of the most innovative companies in the Charleston region.

With 17,000 current job openings and 1,800+ startups, we have opportunities for all stages of your career.

To add your company’s job openings, email Jillian Bunting | Jbunting@crda.org

Security Analyst/Documentation SME

ECS Federal

ECS Federal

IT
Fairfax, VA, USA
Posted on Jul 31, 2024

ECS is seeking a Security Analyst/Documentation SME to work in our Fairfax, VA office (Hybrid). Please Note: This position is contingent upon contract award.

Job Description:

ECS is seeking talented professionals who love a challenge to join us in building the next-generation Continuous Diagnostics and Mitigation (CDM) Cyber data solution. The CDM Program is the Cybersecurity and Infrastructure Security Agency’s (CISA) dynamic approach to strengthening the cybersecurity of Federal networks and systems through better awareness and visibility into their security posture and cyber threats. ECS is responsible for designing, building, deploying, operating, and maintaining a complete ‘Data Services’ solution which includes the collection, normalization, visualization, and sharing of cyber data from more than 100 Federal agencies. The CDM Data Services product is a cloud-hosted solution comprised of multiple Commercial Off the Shelf (COTS), software configuration packages, and custom code which work together to operate as an integrated solution tailored to meet DHS requirements.

We are seeking professionals who thrive in a dynamic, fast-paced, and highly collaborative environment where problem-solving, critical thinking, and a holistic approach to serving the mission are key. Our program operates within the Scaled Agile Framework (SAFe). An aptitude and enthusiasm for continuous learning, improvement, and cyber security is a must!

ECS is seeking a talented, diligent, and energetic Security Analyst/Documentation SME. The ideal candidate will be able to assess security risks, analyze security data, and develop and implement security strategies to protect the program’s technology infrastructure and data. They will implement and support all functions related to attaining and maintaining an authority to operate to include documentation, analysis, policy compliance, and the regular execution of system security activities. They will have a deep understanding of network protocols, operating systems, and cybersecurity best practices to guard against all potential cyber threats. The ideal candidate will be able to align to the following duties:

  • Assist with production-systems data management, analyzing performance, identifying problems, and developing recommendations that support cybersecurity initiatives.
  • Collaborate with cross functional teams to collect, analyze, and present recommendations regarding security posture, risks, and mitigations.
  • Evaluate system functions for writing security control language for the satisfaction of an authority to operate.
  • Document security best practices and standard operating procedures, and collaborate with other teams to support cross cutting processes.
  • Assess the impact of system vulnerabilities identified manually or by security scans, and provide courses of action recommendations and remediation support.
  • Maintain system security awareness through regular monitoring and alerting.
  • Maintain accuracy of all security documents necessary for compliance throughout the system's lifetime.
  • Document and track POA&Ms from creation to completion.
  • Create and maintain dashboards to inform cyber risk posture.

Required Skills:

  • US citizenship with ability to obtain Public Trust Suitability.
  • Bachelor’s degree or 5 years of relevant experience.
  • 3+ years operating in the Federal cyber security domain spanning governance and risk management, business continuity and disaster recovery, encryption, software development security, access control, network security / secure architecture, and security operations.
  • 3+ years implementing NIST RMF and writing security control responses across all control families.
  • 3+ years delivering Federal cybersecurity reporting and compliance requirements.
  • 3+ years evaluating system security posture from the application level to underlying infrastructure.
  • 1+ year supporting systems deployed in cloud hosting environments.
  • 1+ year experience communicating security concepts, governing policy, and compliance with both technical and non-technical personnel in oral and written mediums.

Desired Skills:

  • Ability to execute agent and agentless security scans (i.e., Nessus, Burpsuite).
  • Ability to evaluate code, logic, and data flows within COTS and custom applications.
  • Familiarity with AWS’ well architected framework.
  • Familiarity with Cloud-based security requirements and implementation of best practices.
  • Familiarity with code repositories, particularly Git/GitHub.
  • Relevant cybersecurity certifications including CISSP, CISM, Security+, etc.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, sex, age, sexual orientation, gender identity or expression, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, status as a crime victim, disability, protected veteran status, or any other characteristic protected by law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.