Job Description
Job Description
We are an employee-centric company that truly appreciates our team members and their value to our customers and the missions they support. We pride ourselves on being forward-leaning thinkers and fostering teams that are and continue to be technically proficient and technically capable across a comprehensive range of cyber mission areas. OneZero full-time employees receive an extremely competitive benefits package that includes health/dental/vision/life insurance plans, 401K with company matching, PTO & paid holidays, employee referral program, and educational assistance. Additional details can be found on our website at: https://www.onezerollc.com/careers/
OneZero Solutions is looking for a for a focused, driven self-starter to work in a highly dynamic, cross-functional, complex IT environment. The Security Analyst (SA) will assist and support C5ISC's Vulnerability Management (VM) and tracking activities. The SA will report directly to the Cyber Operations (CyberOps) Project Manager (PM), while independently leading and or conducting enterprise and system-level Security Analyst tasks.
The successful candidate should have experience performing VM-related tasks; expert verbal and written communication skills; ability to interpret NIST and DoD guidance; and experience with industry tools, such as STIG viewer and ACAS.
Position Title: Cybersecurity Engineer
Location: Kearneysville, WV or Portsmouth, VA & Remote (hybrid 1-2 days onsite, as required)
Clearance: Secret
Responsibilities:
- Conduct reviews of NIST, OMB, DHS, DoD, FISMA policies, mandates, and vendor publications related to enterprise technologies and recommend changes to organizational policy and procedures affected by new guidance.
- Support authoritative order review, research, impact assessment, distribution, compliance determination, tracking, and reporting.
- Monitor identified vulnerabilities throughout their lifecycle from discovery to mitigation using ACAS, HBSS, STIG Viewer or other industry tools.
- Facilitate the Plan of Actions and Milestones (POA&M) program to ensure customer systems have accurately and fully provided information for POA&M activities.
- Develop, implement, validate and maintain metrics and dashboards for command consumption.
- Capture, store, analyze and present Cybersecurity data for stakeholder situational awareness at appropriate command and senior management levels both local and enterprise-wide.
- Participate in the development, review and de-confliction of customer information system security policy and standards, including writing guidelines, standards, procedures, and other technical documentation (technical roadmaps, project plans, etc.).
- Support the development and maintenance of system asset lists; hardware, and software baselines.
- Provide detailed security-related reports including data, analyses, and conclusions upon completion of tests, scans, and assessments, including mitigations and, if indicated, appropriate escalation of identified risks and vulnerabilities.
- Develop, implement, and maintain POA&M training and guidance documents for the benefit of organizational personnel
- Keep management apprised of impending areas of concern, verbally and in writing
- Comfortable conveying project/task material to individuals, small and large groups.
- Perform research to ensure knowledge proficiency remains aligned to technologies and industry best practices.
- Engage constructively within the team to identify and resolve challenges or exploit opportunities.
Required Qualifications
- DOD 8570.01M IAT Level II certification
- Experience with industry tools, such as STIG viewer and ACAS
- Experience with IAVMs, DISA STIGs, POA&Ms, and related Federal/DoD policies and regulation
- Experience with regulatory interpretation, risk analysis, systematic data gathering, and presentation
- Experience with MS Office and MS Teams
- Five (5) years of related experience
- MUST possess excellent verbal and written communication skills. MUST be comfortable discussing (both verbally and in writing) status and risks/project impacts with all levels of management and project stakeholders.
Preferred Qualifications
- IAT Level III Security Certification, in accordance with DoD 8570.01-M, Information Assurance Workforce Improvement Program; CISSP or CASP CE certification in good standing
- Bachelor's degree or higher in IT
- Experience and familiarity with DevSecOps principles especially in terms of secure coding best practices
- Background in some or all of the following: Networking, Security Engineering, Systems Engineering, Configuration Management.
OneZero Solutions is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.
Job Posted by ApplicantPro