Cybersecurity Policy and Compliance Analyst

Key Role:

Support the Navy Cybersecurity risk assessment team in conducting assessments of Cybersecurity risk by evaluating Navy systems and assist with drafting Cybersecurity risk reports to highlight current architecture, mitigations, and Cybersecurity risk posture. Analyze, review, and critique assessment and authorization (A&A) documentation in compliance with DoD Cybersecurity policy and agency guidance, including DoD 8500 series, CNSS 1253, and NIST special publications. Assess program security compliance, support program briefs, and coordinate and compile program security documentation for various programs. Provide A&A and Cybersecurity support, including risk management framework (RMF) for DoD IT, assess compliance with security technical implementation guides (STIGs), review automated scans, conduct security test and evaluation (ST&E), vulnerability assessments, and computer security responses, and create and manage RMF packages using the Enterprise Mission Assurance Support Service (eMASS). Provide results of unresolved discrepancies to the client for inclusion in that system's information assurance (IA) Plan of Action and Milestones (POA&M). Interact with clients to perform policy analysis and technical audits. Brief client leadership on vulnerabilities in support of the government client and prepare brief slides and summary of findings analyses.

Basic Qualifications:

- 5 years of experience with IT, including in a DoD environment
- 5 years of experience with DIACAP and NIST RMF policies, including continuous monitoring, information system security policies, standards, and procedures
- Experience with preparing DIACAP or RMF packages and supporting documentation and DoD A&A processes and standards
- Experience with using eMASS
- Knowledge of IA or information security (INFOSEC) concepts and requirements
- Ability to conduct security control selection, tailoring, and overlays
- Ability to analyze a security plan and perform system security analysis
- Secret clearance
- HS diploma or GED
- DoD 8140 IAM or IAT Certification, including Security+ CE, CISM, CISSP, or CASP

Additional Qualifications:

- 3+ years of experience with supporting Navy commands in the implementation or assessment of Cybersecurity controls or legacy DIACAP implementation
- 3 years of experience with system and network vulnerability analysis, risk assessment and risk mitigation analysis, ST&E, contingency planning, and firewall policy, ports, and protocols
- Experience with Retina, Nessus, SCAP Compliance Checker, STIGs, hardening systems, and applying IA controls
- Experience with supporting the Navy, NAVSEA, or NAVAIR
- Experience with Nessus, ACAS, SCAP, and HBSS
- Possession of excellent oral and written communication skills
- Top Secret clearance
- Navy Qualified Validator (NQV) Appointment or Legacy Fully Qualified Navy Validator (FQNV) Appointment

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

We're an EOE that empowers our people - no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic - to fearlessly drive change.