Must current hold and have the ability to maintain a TS/SCI with Poly.

 

We are seeking a highly experienced and motivated Information Systems Security Analyst to join a new and exciting task order. The ideal candidate will play a critical role in assisting with driving all assessment & authorization (A&A) efforts for a new data platform. Working along side a team of technical engineers, this role requires both cybersecurity experience and technical saavy.  In this role, you will use NIST 800-53 RMF framework, prepare all A&A documentation, managing milestones and work with the project team to gain an Approval to Operate a new system. This includes creating documents such as SSPs, Contingency Plans, Access Control Plans and more.

 

Responsibilities:

Serve as a security advisor for project teams on all initiatives that may have an impact on security. As part this, the ideal candidate will be able to act as liaison between the project teams and key members of cybersecurity leadership. Initiate and drive the A&A process for all new project systems. As part of A&A preparation efforts, proactively identify potential risks associated with systems and advise on mitigation strategies. Drive efforts to produce appropriate artifacts to support A&A control responses. Identify and work with key A&A stakeholders to ensure all system documentation is kept up to date and reflects current security configurations, architecture, and data flow. Participate in all A&A status and technical exchange meetings (TEM) and facilitate discussions around control responses. You will be working with non-security minded team members; you must be able to explain/breakdown controls and security concepts to help the team provide you with responses. If a protective measure is not in place, you must be able to think in terms of compensating measures and processes. Be able to analyze, interpret, and apply changes to A&A control requirements and Federal cybersecurity guidance with respect to customer systems. Be able to communicate the current state, and discuss future state, security posture of customer systems to Oracle and Customer leadership and/or via designated reporting mechanisms. Conduct thorough reviews all vulnerabilities from malware scans, as well as architecture, and defense-in-depth strategies and report findings in POA&Ms document.