IA Engineer/Security Analyst I/SCA - DOJ
cFocus Software Incorporated
Washington, DC, USA
6/14/2022
Technology
Full Time
Job Description
cFocus Software seeks an Information Assurance/Security Analyst II/SCA to join our program supporting the Department of Justice (DOJ). This position is fully remote. The position requires a Top Secret clearance.
Qualifications:
- Bachelor’s degree in Information Technology, Computer Science, or other related fields
- Active Top Secret clearance
- Must be familiar with the Risk Management Framework (RMF) and the NIST 800-53 Rev 5 controls.
- Must have experience using CSAM or another RMF-approved system of record.
- Conduct an in-depth assessment of the management, operations, and technical security controls.
- Analyze information and prepare reports describing the vulnerability level of the network with specific details as to what compromises data systems.
- 2+ years of experience and hold the AWS Certified Cloud Practitioner certification and/or one of the following certifications: CompTIA Security+ certification, Certified Ethical Hacker (CEH), CompTIA Advanced Security Practitioner (CASP or CASP+), Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP).
Duties:
- Conduct in-depth assessments of management, operational, and technical security controls within the organization’s IT environment.
- Evaluate systems in both on-premise and cloud-based infrastructures, including Amazon Web Services (AWS) platforms.
- Use tools such as CSAM (Cyber Security Assessment and Management) or other RMF-approved systems of record for documentation and reporting.
- Apply the Risk Management Framework (RMF) in all assessment activities.
- Ensure compliance with NIST 800-53 Revision 5 controls, assessing systems against federal standards for confidentiality, integrity, and availability.
- Develop and maintain plans of action and milestones (POA&Ms) to address identified security gaps.
- Analyze collected data to prepare comprehensive vulnerability assessment reports, outlining the level of risk and potential system compromise.
- Provide specific recommendations and remediation steps for discovered vulnerabilities.
- Create documentation plans to track corrective actions and maintain continuous monitoring.
- Engage in ongoing security monitoring to ensure that previously identified vulnerabilities are resolved and that new threats are promptly detected.
- Support continuous compliance with federal information assurance standards and agency-specific policies.
- Work independently and as part of a team to assess systems, communicate findings, and coordinate with system owners and other stakeholders.
- Present results and recommendations in written and oral formats that can be understood by both technical and non-technical audiences.