Cyber Security Technology Management Analyst
Horizon Industries Limited (HIL) is a dynamic IT and Management Consulting firm based in the Washington, DC area. We are currently seeking a Cyber Security Technology Management Analyst for a full-time position, remotely supporting the Defense Logistics Agency (DLA).
The JETS Program provides the full range of IT services and technical and management expertise that support applications, software, hardware, infrastructure, and systems across the DLA IT Enterprise. Support is provided for information technology solutions, technical support, maintenance, and sustainment; operations support; application development, maintenance and technical support; and lifecycle management. Additionally, the program provides administrative program management support for IT program offices and the DLA Information Operations (J6) Office. The program provides support technology services across the DLA Information Operations Enterprise, the DLA Program Executive Offices (PEO), and all other technology services currently supported through DLA Contracting Services Office (DCSO) acquisitions.
The DLA PEO, J62BG, Energy Applications Program Management Office (PMO) is responsible for providing program management for production Operational Energy Applications in support of DLA Energy. DLA Energy and J62BG are managing the procurement of an Electronic Point of Sale (EPOS) turnkey solution that meets the current standards for Department of Defense (DOD) certification/accreditation and Audit Readiness. The contractor team will provide program management, DOD acquisition, and related technical expertise for integration, performance monitoring and reporting, verification and validation, and cybersecurity.
The Cyber Security Technology Management Analyst will perform audits on complex information systems, applications, and enclaves to ensure that appropriate controls exist and are correctly implemented; and that procedures comply with Federal, DOD, and DLA standards.
Duties of a Cybersecurity Technology Management Analyst may include:
- Monitors Energy Applications for Industrial Control Systems (ICS), computer-controlled electromechanical systems that deliver installation infrastructure services including Supervisory Control and Data Acquisition (SCADA), Distributed Control System (DCS), Energy Management Control System (EMCS), and others, as applicable to specific programs
- Assesses compliance with IA policy and recommends improvements as appropriate
- Monitors Information Assurance (IA) for Energy Applications to ensure compliance with Federal, DOD and DLA IA policy
- Monitors certification and accreditation activities
- Recommends preparation and updating of documentation to support Federal Information Security Management Act (FISMA) and DOD Risk Management Framework (RMF) reporting requirements
- Performs technical reviews of documented security certification results and assesses their comprehensiveness
- Identifies system vulnerabilities and weaknesses
- Recommends human procedures, software configuration parameters, system changes, or combinations of them to mitigate the risk associated with detected vulnerabilities that could preclude accreditations
- Analyzes vulnerability scans and Security Readiness Review (SRR) results, Security Technical Implementation Guide (STIG) compliance and deficiencies of all forms identified during internal and external IA reviews
- Tracks deficiencies and vulnerabilities from identification through implementation of adequate mitigation measures
Required Skills / Experience:
- Five (5) years of relevant experience
- Three years of working with DODI 8500.2 or NIST SP 800-53
- Demonstrated experience of at least three years with the design, maintenance and operation of highly complex and highly secure communications network environments
- Multi-discipline experience with Firewall/Intrusion Prevention Systems (IPS); antivirus, host-based protection; security incident event management; virtual shared computing environments; and network/security management
- Demonstrated understanding of communication protocols, network technologies and the International Organization for Standardization (ISO) Open Systems Interconnection telecommunications model
- Knowledge of Defense Information and Accreditation Risk Management Framework (RMF) and process for system and application controls
- Knowledge of DOD/DLA security policies and compliance
- Possess a relevant certification meeting DOD 8570.01 IAM level III. One of the following:
  - CISSP (or Associate)
- Possess a relevant certification meeting DOD 8570.01 IAT level II. One of the following:
  - CCNA Security
  - Security+ CE
- Must possess active IT-II security clearance or have a current National Agency Check with Local Agency Check and Credit Check (NACLC)
- Ten years of practical industry, government and/or consulting experience in information technology management.
- IT project management experience using various Microsoft tools
- Knowledge and experience in managing information technology services and strategies
- Proficiency in basic analytical software such as Microsoft Excel and Access, proficiency with the Microsoft Office suite, to include Word, PowerPoint and SharePoint
Special Skills (desired but not required):
- Ten (10) years of relevant Certification and Accreditation (C&A) experience
- National Institute of Standards and Technology (NIST) C&A experience
- DOD IA experience
Education: BS or BA or four (4) additional years of related experience
Location: Remote; Washington, DC, Metropolitan Area preferred
Horizon is an Equal Employment Opportunity employer and it is our policy to consider all applicants for employment without regard to sex, race, color, creed, religion, national origin, sexual orientation, marital status, age, disability, veteran status, alienage, ancestry, citizenship status, or any other factors prohibited by law. Horizon will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with Horizon's legal duty to furnish information.