Hood River, Oregon (Remote Possible)
We have an immediate need for a Cyber Product Security Analyst for a 6+ month contract. The role will be responsible for:
- Development and review of system security documentation
- Employs best practices when implementing security requirements within an information system including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques.
- Involved in reviewing RFP, Proposals, cyber related CDRLs, and technical artifacts (system descriptions, diagrams, configuration lists, etc.) and providing cybersecurity engineering inputs as based on DODI guidelines (NIST 800-53, DODI 8500.1, etc.) and industry best practices.
- Perform or direct ACAS security assessments of complex integrated networked environments.
- Review security assessment results and generate Risk Assessment Report (RAR) in support POA&M creation.
- Support design reviews and provide cybersecurity guidance to product.
- Support the resolution/mitigation of security vulnerabilities.
- Familiarity with Federal Risk Management Framework process and authorization package documentation.
- Knowledge of NIST 800-53 IA controls.
- Experience in reviewing and applying DISA STIGs/SRGs
- Development of automated security patch utility
- Windows system configuration, imaging, and deployment
- Ability to engage collaboratively across varied disciplines
- Must have effective group communication and presentation skills
- Familiarity with the ports, protocols, services and firewall management principles in a networked environment
Must have experience with the following toolset
- Microsoft Deployment Toolkit
- Nessus Security Center
- SCAP Compliance Checker
- DISA STIG Viewer
- MS GP Editor
For the right person, this role could be done virtually.