Oasis Systems, LLC is a premier provider of customer-driven, cost-effective, and quality IT and Cyber Security professional services to the DoD, FAA, NRC and other federal agencies. We strive to be an exciting and welcoming company that attracts, develops, motivates and retains the most talented, skilled, and dedicated people in the industry where they are encouraged to achieve personal excellence, purpose, and their full potential and career aspirations while supporting mission-critical national security technologies and programs. We are looking for Cyber Security Analysts to support our customer in Rockville, MD.
- EDUCATION: Bachelor’s or Master’s degree in Cyber Security, Information Assurance or a related field, or equivalent work experience.
- CERTIFICATIONS: The ideal candidate will have one or more of the following certifications: Security+, CISSP, CISA, CISM, CEH, CAP.
- EXPERIENCE LEVEL:
  - Entry-level: 0-2 years of relevant experience in Information Assurance, Cyber Security, or Information Technology.
  - Mid-level: 3-6 years of relevant experience in Information Assurance, Cyber Security, or Information Technology.
  - Senior-level: 7+ years of relevant experience in Information Assurance, Cyber Security, or Information Technology.
- SECURITY CLEARANCE: The ability to obtain an NRC Security Clearance.
- A strong understanding of FISMA and NIST Special Publications, especially NIST SP 800-37 and NIST SP 800-53.
- Experience performing security control assessments against all NIST SP 800-53 controls / families.
- Excellent written and oral communication skills; attention to detail is essential.
- Working knowledge of DISA STIGs, SCAP content, and CIS Benchmarks.
- Experience with vulnerability scanning tools, such as Tenable SecurityCenter/Nessus.
- Understanding of Cloud platforms (IaaS, PaaS, SaaS) and protections as described in FedRAMP security documentation.
- Hands-on experience with Windows Server and Linux operating systems.
- Knowledge of networking devices (e.g., routers and switches), web services (e.g., IIS, Apache Tomcat), network security appliances (e.g., firewalls, VPNs), databases (e.g., Microsoft SQL), and intrusion prevention/anti-malware software.
- Knowledge of system and application security threats and vulnerabilities.
- Proficiency with Microsoft Office applications.
- Ability to prioritize and complete tasks efficiently and effectively.
- Comfortable working individually and as part of a team.
- Scripting ability (e.g., PowerShell, VBA) is a plus.
TRAVEL: Occasional domestic travel.
- Work closely with all levels of personnel, including system administrators, Information System Security Officers (ISSOs), and the Authorizing Official (AO), to support FISMA systems through the Security Assessment & Authorization (SA&A) lifecycle.
- Assess the confidentiality, integrity, and availability impact levels of information stored, possessed, and transmitted by systems to determine the FIPS 199 security categorization.
- Develop and maintain system security documentation throughout all phases of the NIST Risk Management Framework (RMF). This includes security categorizations, system security plans, system policy and procedures, privacy impact assessments, contingency plans, configuration management plans, incident response plans, vulnerability assessment reports, deviation requests, and any other documents necessary to support systems’ authorization and continuous monitoring.
- Perform detailed assessments of NIST SP 800-53 security controls and document findings in a security assessment report.
- Perform and document the results of vulnerability scans and configuration compliance checks against configuration standards such as DISA STIGs and CIS Benchmarks.
- Analyze risks identified during security control assessments and continuous monitoring activities in accordance with NIST SP 800-30. This includes making a determination regarding the likelihood and impact of the risk being exploited, along with a supporting rationale, and providing recommendations for mitigation/remediation.
- Analyze FedRAMP security packages to document and assess customer responsibility for cloud-based systems.
- Create, track, and manage system Plans of Action and Milestones (POA&Ms).
- Attend project meetings and collaborate with stakeholders to ensure security is addressed throughout the entire system lifecycle.
Oasis Systems, LLC is an equal opportunity employer and does not discriminate in hiring or employment on the basis of any legally protected characteristic including, but not limited to, race, color, religion, national origin, marital status, gender, sexual orientation, ancestry, age, medical condition, military veteran status, or on the basis of a physical handicap which, with reasonable accommodation, renders the applicant able to satisfactorily perform the job available.