(231) Cybersecurity Analyst
Company Summary
Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future.
Position Overview
The Cybersecurity Analyst (IAM 2) will support the Defense Security Cooperation Agency (DSCA) Cybersecurity (CYBR) team as a contractor by providing expertise in Risk Management Framework (RMF) activities, security control assessments, controls validation, and the Cybersecurity DevSecOps pipeline. The role involves ensuring compliance with RMF, IT, and Federal Information System Controls Audit Manual (FISCAM) guidelines and supporting the cybersecurity responsibilities detailed in the DSCA CYBR Service Catalog.
**This opportunity is contingent upon award**
Work Location
Remote
Job Responsibilities and/or Success Factors
- Assist in the evaluation and assessment of security controls to ensure they meet required standards and are effectively implemented.
- Collaborate with Security Control Assessors to review and validate security controls, ensuring compliance with RMF requirements.
- Prepare and validate security controls in accordance with RMF, IT, and FISCAM guidelines.
- Ensure that all controls are properly documented, implemented, and tested to meet compliance standards.
- Work with control owners to gather necessary evidence and documentation for control validation.
- Support all steps of the RMF process, including categorization, control selection, implementation, and assessment.
- Assist in the preparation and maintenance of RMF documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plan of Action and Milestones (POA&Ms).
- Ensure that RMF activities are aligned with DSCA CYBR responsibilities and requirements.
- Validate IT controls to ensure they are effectively mitigating risks and protecting information systems.
- Conduct regular reviews and assessments of IT controls to identify any gaps or weaknesses.
- Provide recommendations for improving IT controls and addressing any identified deficiencies.
- Support the validation of controls in accordance with FISCAM guidelines.
- Ensure that financial and information system controls are properly implemented and functioning as intended.
- Assist in the preparation of audit documentation and responses to audit findings.
- Support the integration of security practices into the DevSecOps pipeline to ensure secure development and deployment of applications.
- Collaborate with development and operations teams to implement security controls and practices throughout the software development lifecycle.
- Monitor and assess the security of applications and systems within the DevSecOps pipeline.
- Maintain accurate and up-to-date documentation of all RMF, IT, and FISCAM controls validation activities.
- Prepare and submit regular reports on the status of security controls, RMF activities, and DevSecOps pipeline security.
- Provide detailed documentation and evidence to support security assessments and audits.
- Work closely with other cybersecurity team members, control owners, and stakeholders to ensure effective implementation and validation of security controls.
- Communicate findings, recommendations, and status updates to relevant parties in a clear and concise manner.
Education and Minimum Qualifications
- Must be a US Citizen.
- Secret clearance.
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, OR an additional four years of experience.
- Minimum of three years of relevant experience in cybersecurity, information assurance, or a related field.
- Experience with the Risk Management Framework (RMF) and security control assessments is highly desirable.
- Experience in IT controls validation and familiarity with Federal Information System Controls Audit Manual (FISCAM) guidelines.
- Experience in incident response, continuous monitoring, and vulnerability management.
- Certifications such as CISSP, CISM, CISA, CAP, or equivalent are highly desirable.
AAP Statement
We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.