The Cybersecurity Analyst will serve within the Enterprise Cybersecurity and Compliance Office as a Validator. The validator will examine through demonstration, inspection, or analysis the extent to which a system or application meets a set of security requirements as specified by the Authorizing Official (AO), governing instructions, and directives. The Security Control Validator (SCV) develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating IT.
Conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations. The position is responsible for evaluation of IT systems or its individual components to determine compliance with published standards. Plans, prepares, and executes tests of systems to evaluate results against specifications and requirements as well as analyze/report test results.
Roles include:
Determine level of assurance of developed capabilities based on test results. Develop test plans to address specifications and requirements. Make recommendations based on test results. Determine scope, infrastructure, resources, and data sample size to ensure system requirements are adequately demonstrated. Create auditable evidence of security measures. Perform Windows registry analysis. Analyze the results of software, hardware, or interoperability testing. Perform operational testing. Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements. Provide recommendations for possible improvements and upgrades. Review or conduct audits of information technology (IT) programs and projects.
Conduct import/export reviews for acquiring systems and software. Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered. Maintain deployable cyber defense audit toolkit to support cyber defense audit missions. Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas
Make recommendations regarding the selection of cost-effective security controls to mitigate risk. Coordinate with project management, development, and other technical teams to create and submit A&A packages using (MCCAST). Perform technical testing and validation of applications, systems, and networks to evaluate levels of compliance with (STIG), and perform the formal security assessment in step 4 of the RMF process and initiate and finalize the (SAR).
Assess the implementation of security controls and hardening on various technology platforms for vulnerabilities, STIGs, security requirements guides (SRG), RMF security controls. Coordinate and interface with a team of system administrators and network engineers to complete Cybersecurity testing on systems and networks, and assist with remediation guidance and verification, in accordance with DoD, DoN, USMC, and DISA guidance.
Assists in the daily operations and development of the MR Cybersecurity program that identifies architecture, requirements, objectives and policies, personnel and processes and procedures as they relate to DOD, DON, USMC policy, standards, and guidelines. Provides security oversight for MR and subordinate commands. As a SCV, test the implementation of applicable Cybersecurity controls for an assigned MCCS system. Ensures that development, review, endorsement, and maintenance of security compliance documentation is accomplished. Validates that documentation includes the System Security Plan(s) (SSP) for all MR applications, networks, and stand-alone systems.
Performs security compliance efforts IAW the PCI, FISMA, NIST SP 800 series, FIPS series, and USMC related policies and procedures. Coordinates directly with Project Managers, service providers, consultants and other USMC commands for compliance requirements. Works directly and proactively with MCCS IT Security staff, Project Managers, IT Managers, and HQMC C4/CY to meet objectives and to ensure maximum effective use of tools, techniques, and methodologies in proposing, developing, and implementing IT solutions. Liaises with designated HQMC C4 office staffs responsible for system CY and IT Portfolio management to ensure currency with compliance matters.
Occasional travel to complete work assignments, conduct training or attend conferences and meetings may be required. This is a white-collar position where occasional lifting up to 20 lbs. may be required.