Cybersecurity Analyst. Risk Mitigation Consulting, Inc., Northern VA area
GENERAL DESCRIPTION AND PURPOSE
The Cybersecurity Analyst will support Risk Mitigation Consulting, Inc. by providing cybersecurity support for Information Technology and Operational Technology clients. Responsibilities include providing, collecting, and analyzing cybersecurity data, author client deliverables, and reports documenting and in some cases correcting potential facility related control system cybersecurity vulnerabilities with potential impact on critical missions. The analyst will actively learn the risk-based assessment processes of teams to provide courses of action to implement countermeasures improving systems security posture. Innovation, creativity, continuous training, and staying informed on threats and mitigations in technology is a key aspect of the position.
• Analyze implemented Secure Technical Implementation Guides (STIG) controls and document countermeasures and recommend mitigations for information systems and control systems while allowing for safe and efficient operation.
• Review and analyze the cybersecurity posture of control system networks including an understanding of serial networks, their operation, and cybersecurity concerns.
• Collaborate with subject matter experts to identify best practices in support of the clients continuous monitoring strategy and risk management framework.
• Conduct field surveys and study maps, graphs, diagrams, cybersecurity vulnerability scan data, computer network traffic flows, computer network perimeter defenses and other data to identify means of mitigating control system cybersecurity concerns and weaknesses
• Collect and analyze cybersecurity and network data relating to control systems to identify potential system deficiencies and vulnerabilities to all threats and hazards
• Produce results of analysis in writing to convey complex technical issues in a logical manner understandable to non-technical individuals.
• Review and advise on policies, orders and directives as needed to improve overall cybersecurity best practices of client organization and RMC.
• Participate in conferences, working groups, meetings, training and other events, as needed
• Assist in various administrative duties, as needed, to include onboarding and development of new team members
• Adhere to all RMC company policies and consistently perform to the standards set in job description respectively ·
• Logical analysis of complex technical issues.
• Familiarity with DoD Cybersecurity, utility and building direct digital controls (DDC), SCADA, transmission and distribution, energy monitoring control systems (EMCS), and renewable energy generation
• Technical and IT audit background with practical knowledge of a wide variety of technologies, including control systems, infrastructure and operating systems, network and web infrastructures, database architecture and intrusion detection/prevention systems
• Experience planning, designing, installing, monitoring, maintaining, and supporting networks, primarily in a Depart of Defense (DoD) environment
• Familiarity with SharePoint to increase the efficiency of collaboration on documents and presentations.
• Must have excellent writing skills, strong communication abilities, good time management, computer, internet, and organizational skills
• Work confidently in a fast-paced environment with the ability to independently support multiple projects
• Ability to work in a team environment and take initiative to help ensure team tasks are successfully completed within required timelines
• Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical
• Possess strong problem-solving skills.
REQUIRED CERTIFICATION: Security +
DESIRED CERTIFICATION: CISSP
CLEARANCE: Secret or must be eligible
LOCATION: Northern VA
Travel: CONUS & OCONUS 25%