Posted by: Solidus Technical Solutions on Sep 19, 2023
Solidus is searching for a Cybersecurity Risk Analyst.
How will you make an impact:
The successful individual will directly support the organization's readiness for DFARS and CMMC compliance. The position is responsible for maintaining the Enterprise System Security Plan and Plans of Action and Milestones (POA&M); developing policies, plans and procedures; and conducting security compliance audits, Data Security Plans (DSPs), cybersecurity risk analysis, and information security risk assessments in accordance with cognizant standards and information security industry best practices.
A day in the life:
• Develop policies, plans and procedures IAW Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, and Cybersecurity Maturity Model Certification (CMMC).
• Perform risk analysis and reporting on DFARS and NIST compliance.
• Audit information systems according to NIST SP 800-37, 800-171, CMMC, and DFARS frameworks.
• Assess requirements for compliance with government regulations and prepare documentation and policy IAW requirements.
• Perform complex analysis of risk of security exceptions through the data security plan process.
• Recommend and develop mitigations to facilitate continued research despite exceptions from traditional security controls.
• Develop and enforce information security policy.
• Conduct staff security outreach and engagement.
• Assess security risks of cutting-edge technology.
• Support vulnerability management operations through documentation and reporting of findings to lab leadership.
• Support incident response and remediation efforts.
What will you bring to the role:
• US Citizenship and the ability to obtain a DoD Secret Clearance
• 3 years minimum experience
• Some local and overnight travel may be required (less than 10%)
• Demonstrated knowledge of the Defense Federal Acquisition Regulation Supplement, contract clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, and Cybersecurity Maturity Model Certification (CMMC) cybersecurity framework requirements and security controls
• General knowledge of enterprise security tools, such as vulnerability scanners, log aggregators, networking & firewalls, VPNs
• Familiarity with NIST SP 800-53, NIST SP 800-171, CIS Controls
• Multiple OS platforms, e.g., Windows Server, Windows 10, Red Hat Enterprise Linux, Ubuntu, Mac
• DISA STIGs/SCAP
• Vulnerability Assessments
• Adversary TTPs
• Assessment and Authorization
• Computer Intrusion Investigation
• PKI, Multi-Factor Authentication, and PIV Technologies
• BigFix IEM
• Strong presentation, verbal and writing skills
• Bachelor's Degree
• DoD Experience
What we will bring: Solidus offers you an exciting opportunity to tackle the nation's greatest challenges applying innovation and expertise to produce cutting-edge results that have a long-lasting impact. We offer outstanding benefits, generous PTO and much more! Apply today to learn why Solidus has a 4.9/5 Star rating on Glassdoor!
Req ID 4732
Solidus is an Equal Opportunity Employer and provides equal employment opportunities regarding all terms and conditions of employment to all employees and qualified applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. The Company will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application and interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request an accommodation.
Please Note: Solidus does not accept applications from agencies, 3rd party vendors, or applications with incomplete information.