Cybersecurity Analyst

The Opportunity
NTS is seeking a Cybersecurity Analyst to provide network and systems security engineering, security tests and evaluations, and risk assessments for NAVCENT IT systems, including risk management, vulnerability assessments, security assessments, and monitoring solutions.

Key Responsibilities (Principal Duties and Accountabilities *Essential Functions)

• Assist with IA programs and policies for the NAVCENT customer to include:
• Assist the Information System Security Manager (ISSM) with the execution and management of the command's information assurance (IA) program within NAVCENT and its subordinate commands and detachments. The Contractor shall assist with the management of the NAVCENT IA program to include architecture, requirements, objectives, and policies.
• Investigate incidents and respond quickly to events;
• Provide on-call support for cybersecurity incidents and emergencies as needed.
• Assist with the development of best practices for NAVCENTs information security program;
• Review existing security policies and procedures, whether formal or informal;
• Work closely with the ISSM and staff to develop formal policies and procedures to facilitate the protection of U.S. Government sensitive unclassified and classified information and the security of various information systems and networks, e.g., NAVCENT MOC systems and Combined Enterprise Regional Information Exchange System (CENTRIXS);
• Review existing policies, procedures and guidelines and shall draft appropriate policy documents for implementations required by the ISSM. Assist appropriate government personnel in determining Cybersecurity and IA requirements, aid in the development of policies and procedures for implementation and provide support in implementing these mechanisms and processes to ensure that the policies can be enforced. This includes: Information Assurance Vulnerability Management (IAVM), IA awareness training, systems administrators' certification, cybersecurity workforce compliance, and all other activities that contribute to the successful implementation of the full range of IA policies, procedures, and guidelines.
• Assist with Certification and Accreditation (C&A) for the NAVCENT customer to include:
• Assist in the development of System Security Accreditation Agreement (SSAA) documentation in accordance with the Risk Management Framework (RMF) guidelines;
• Support performing risk assessments on systems and networks and articulate findings in a format approved by the Government;
• Review System Security Authorization Agreements (SSAA); and assemble feedback from Certification Agents (CA) and other vulnerability assessments that are used to evaluate risk;
• Assist in preparing C&A documentation for submission to the Designated Approving Authority (DAA);
• Assist systems administrators in implementing corrective actions required as a result of vulnerabilities uncovered during system security reviews;
• Maintain the C&A package repository, develop and maintain the C&A accreditation status tracking database used to record the present status of all accreditation packages as well as store/archive information on accreditation already received and systems that have since been inactivated;
• Perform other C&A duties as assigned
• Assist with Compliance for the NAVCENT customer to include:
• Assist with development and implementation of the Government's Cybersecurity compliance programs;
• Incorporate all facets of a Command Cyber Readiness Inspection (CCRI) process to include components, processes and data submission requirements that make up the CCRI into the compliance program;
• Inspect subordinate commands and provide a technical evaluation of their compliance program;
• Prioritize actions to correct compliance findings in order of severity and available resources;
• Provide status briefs and compliance reports to the ISSM as required by the Government;
• Monitor and evaluate vulnerability scans for all of the Government's assets and information systems;
• Ensure the uploading of findings into the appropriate vulnerability database for analyses;
• Track all Category (CAT) I, II, and III findings until corrected, mitigated, or a Plan of Action & Milestone (POA&M) is established;
• Ensure new installations or hardware updates have incorporated the use of the Security Technical Implementation Guides (STIG) as part of the system change
• Assist the ISSM in interpreting DOD/DON policy and shall have experience in applying STIGs on all Navy systems;
• Assist with Auditing for the NAVCENT customer to include:
• Conduct and coordinate vulnerability and reporting to ensure vulnerability patches, risk assessments and protections policies are implemented/enforced throughout the
• Government's IT portfolio;
• Carry out threat analysis;
• Monitor network traffic for security incidents and events;
• Write detailed incident response reports;
• Fix system vulnerabilities;
• Perform real-time cybersecurity monitoring, detection, and incident response across government networks and systems.
• Provide cyber threat intelligence analysis and briefings to senior leadership.
• Configure, manage, and monitor cybersecurity tools and systems such as SIEMs, IDS/IPS, endpoint protection platforms, and firewalls.
• Collaborate with cross-functional teams (network engineers, system admins, intel analysts) to ensure an integrated defense-in-depth strategy.
• Provide guidance to correct or mitigate vulnerabilities as well as perform risk assessments on systems and networks and articulate findings in a format approved by the Government.
• Support, as needed, additional hours in the event of an incident/anomaly or changing requirements that mandate such support (e.g., inspections and real-world anomalies)