About Falconwood, Inc:

Falconwood, Inc. is a woman/veteran-owned business providing executive level consultants and programmatic support to Department of Defense (DoD) Information Technology (IT) initiatives and programs.

We  provide expert consultation on a diverse range of IT subjects focusing on acquisition strategy, implementation activities, and Cyber Security policy and engineering.

We have an immediate opening for a Cyber Security Analyst to provide cyber security support, develop, and maintain DoDI 8510.01 compliant risk management framework (RMF) authorization packages for all assigned Logistics Integrated Information Systems-Marine Corps (LI2S-MC) systems and applications.

The Cyber Security Analyst:

• Provide Cyber Security guidance and documentation throughout the system development life cycle for Marine Corp systems and applications
• Develop and maintain detailed cybersecurity project plans for all assigned systems. Cybersecurity project plans shall identify all action items necessary to obtain and maintain, system authorization; maintain FISMA compliance and implement the systems continuous monitoring strategy; account for known system inspections, and system milestone events
• The contractor shall utilize the Marine Corps Certification and Accreditation Support Tool (MCCAST) for the authoritative authorization packages as per the references:
• Support the PM, Cyber Lead, and ISSM throughout all phases of the security authorization process
• Oversee cybersecurity testing to assess security controls and recording security control compliance status during the continuous monitoring phase of the lifecycle
• Ensure the completion of cyber related programs, projects, or tasks within estimated timeframes and budget constraints
• Provide Cyber Security guidance at meetings, briefings, and design reviews, and during system development in accordance with prevailing Cyber regulations and policies
• Ensure Cyber Security system designs that properly mitigate identified threats and vulnerabilities
• Review and approves test and evaluation activities to validate those threats and vulnerabilities are mitigated
• Perform system security reviews and Certification & Accreditation (C&A)/ Assessment and Authorization (A&A)
• Conduct A&A process for IT systems and networks in accordance with the DoD Risk Management Framework process
• Develop the Security Plan, Security Assessment Plan, Security Assessment Report, and Executive Summaries
• Assess C&A impact based on ACAS and STIG results, and identified the strength of the mitigation or remediation
• Report package status and risks weekly to senior level government leadership

Required Qualifications:

• Minimum SECRET clearance
• 5+ years of direct experience in cyber security
• Security plus certification
• BS Degree in Cyber Security/Engineering field (e.g. Computer, Electrical, Mechanical, Systems, Security)
• Experience with independently performing validator activities defined in the Navy RMF process guide and applying RMF guidance to Marine Corp or DoD A&A efforts
• Marine Corps Certification and Accreditation Support Tool (MCCAST)
• Experience with test and evaluation for allocating assigned security controls into assessment objectives and procedures, developing and executing Security Assessment Plans (SAP)
• Experience with vulnerability assessment scanning tools and reporting, intrusion detection technologies, intrusion prevention technologies
• Knowledge of DoD published Security Technical Information Guidance (STIG) requirements and implementation or compliance process
• Firm understanding of DISA CAL boundaries and experience coordinating with the PPSM team to register ports not registered within the latest DISA’s CAL boundary list
• Firm understanding of sensitive data types and cybersecurity protections associated with that data (e.g. PII, PHI, )
• Possess knowledge of current security threats, techniques, and landscape (threat vectors) as well as information systems security requirements to be implemented during system design
• Experience with business/operations solution architectures (i.e. portals, service management, networks, inventory)
• Skilled in project management and engineering technical management techniques, principles, and practices
• Proficiency in Microsoft Office applications, particularly Visio, Word, Excel, and PowerPoint
• Ability to think independently with minimal oversight, as well as demonstrate exceptional written and oral communications skills
• Exemplary customer/client management skills and techniques

Desired:

• MS Degree in Cyber Security/Engineering field (e.g. Computer, Electrical, Mechanical, Systems, Security)
• 10+ years of cyber security
• IAM/IAT III - Certified Information Systems Security Professional (CISSP) Certification or equivalent
• Experience with contingency planning, firewall policy, and ports and protocols, and service management
• Experience with Microsoft Public Azure, Azure Pack and Azure Stack and related Microsoft technologies (Hyper‐V, ADR, SCCM, SCOM)
• Familiarity with Marine Corp network architecture

130k - 145k