Security Analyst

ECS is seeking a Security Analyst to work in our Fairfax, VA office.

ECS is seeking talented professionals to join our successful and growing team in building the next-generation Continuous Diagnostics and Mitigation (CDM) Cyber data solution. The CDM Program is the Cybersecurity and Infrastructure Security Agency's (CISA) dynamic approach to strengthening the cybersecurity of Federal networks and systems through better awareness and visibility into their security posture and cyber threats. ECS is responsible for designing, building, deploying, operating, and maintaining a complete 'Data Services' solution which includes the collection, normalization, visualization, and sharing of cyber data from more than 100 Federal agencies. The CDM Data Services product is an integrated suite of multiple Commercial Off the Shelf (COTS) products, software configuration packages, and custom code which work together to operate as an integrated solution tailored to meet Department of Homeland Security (DHS) requirements.

We are seeking professionals who thrive in a dynamic, fast-paced, and highly collaborative environment where problem-solving, critical thinking, and a holistic approach to serving the mission are key. Our program operates within the Scaled Agile Framework (SAFe). An aptitude and enthusiasm for continuous learning, improvement, and cyber security is a must

ECS is seeking a talented, diligent, and energetic Security Analyst. The ideal candidate will be able to assess security risks, analyze security data, and develop and implement security strategies to protect the program's technology infrastructure and data. They will implement and support all functions related to attaining and maintaining an authority to operate to include documentation, analysis, policy compliance, and the regular execution of system security activities. They will have a deep understanding of network protocols, operating systems, and cybersecurity best practices to guard against all potential cyber threats. The ideal candidate will be able to align to the following duties:

• Assist with production-systems data management, analyzing performance, identifying problems, and developing recommendations that support cybersecurity initiatives
  • Collaborate with cross functional teams to collect, analyze, and present recommendations regarding security posture, risks, and mitigations
    • Evaluate system functions for writing security control language for the satisfaction of an authority to operate
      • Document security best practices and standard operating procedures, and collaborate with other teams to support cross cutting processes
        • Assess the impact of system vulnerabilities identified manually or by security scans, and provide courses of action recommendations and remediation support
          • Maintain system security awareness through regular monitoring and alerting
            • Maintain accuracy of all security documents necessary for compliance throughout the system's lifetime
              • Document and track POA&Ms from creation to completion
                • Create and maintain dashboards to inform cyber risk posture
                  • US citizenship with ability to obtain Public Trust Suitability
                  • Bachelor's degree or 5 years of relevant experience
                    • 3+ years operating in the Federal cyber security domain spanning governance and risk management, business continuity and disaster recovery, encryption, software development security, access control, network security / secure architecture, and security operations
                      • 3+ years implementing NIST RMF and writing security control responses across all control families
                        • 3+ years delivering Federal cybersecurity reporting and compliance requirements
                          • 3+ years evaluating system security posture from the application level to underlying infrastructure
                            • 1+ year supporting systems deployed in cloud hosting environments
                              • 1+ year experience communicating security concepts, governing policy, and compliance with both technical and non-technical personnel in oral and written mediums