Cyber Security Analyst - Clearance Required

LMI is seeking a skilled Cybersecurity Analyst with an active Secret clearance or above and a minimum five years of experience to provide support for the Army Training Information System (ATIS). The position requires experience as an Information Systems Security Officer (ISSO) with extensive knowledge in the DoD Risk Management Framework (RMF) Assessment and Authorization implementation, working knowledge of Enterprise Mission Assurance Support Service (eMASS), and thorough experience writing Program Objective and Milestone mitigations for security findings.

LMI is a consultancy dedicated to powering a future-ready, high-performing government, drawing from expertise in digital and analytic solutions, logistics, and management advisory services. We deliver integrated capabilities that incorporate emerging technologies and are tailored to customers’ unique mission needs, backed by objective research and data analysis. Founded in 1961 to help the Department of Defense resolve complex logistics management challenges, LMI continues to enable growth and transformation, enhance operational readiness and resiliency, and ensure mission success for federal civilian and defense agencies.

• This position is responsible for working with the team supporting our Army customer to ensure the appropriate administrative, physical and technical information security safeguards are implemented across the portfolio.
• Under general guidance of the Task Lead and the client, the incumbent will conduct information security assessments and testing to ensure the proper implementation of security controls across the environment. This includes populating defined security/risk assessments, identifying gaps and compensating controls, identifying remediation plans, and publishing management reports of results. This position may also participate in incident response investigations, help identify opportunities for product improvement, maintain policies and procedures that are designed to be operationally effective and efficient, and monitor compliance to policies, laws and regulations. The Senior Cybersecurity Analyst works with the Army client to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained.
• Conduct evaluations of technical and non-technical security safeguards to demonstrate and document compliance with the DoD's Risk Management Framework (RMF) requirements for security and interoperability. 
• Perform Independent Verification and Validation (IV&V) testing, to include documentation of Plan of Action and Milestones (POAM) data within the DoD system. 
• Perform risk assessments of third-party technology systems by conducting accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of DoD information and technology systems. 
• Assist the Information System Security Manager (ISSM) in managing all portfolio systems in eMASS.
• Perform system scans to ensure all portfolio systems comply with RMF and continuous monitoring requirements.
• Implement applicable RMF controls and write thorough and applicable POAM mitigations as required to meet the Army client requirements and ensure continued authority to operate.

Required Skills: 

• This position requires an active DoD Secret clearance.
• Bachelor's degree in a related discipline with a minimum of six (6)+ years relevant experience.
• IASAE II DoD Approved Baseline Certification
• Working knowledge internal controls & IT Risk Assessment and Mitigation procedures.
• Technical experience in security-related technologies such as encryption, remote access, anti-virus systems, etc.
• A basic knowledge of the 8 domains of the Common Body of Knowledge for information security:

1. 1. Security & Risk Management
   2. Asset Security
   3. Security Engineering
   4. Communications and Network Security
   5. Identity and Access Management
   6. Security Assessment and Testing
   7. Security Operations
   8. Software Development Security

Hold one or more of the following certifications:

• CASP CE – CompTIA Advanced Security Practitioner
• CISSP (or Associate) ISC2 – Certified Information Systems Security Professional
• CSSLP ISC2 – Certified Secure Software Lifecycle Professional

Desired Skills:

• Master’s degree or higher.
• SAFe Agile Practitioner certification
• AWS Certified Cloud Practitioner (CCP)