Conduct in-depth assessments of security controls within the IT environment and evaluate systems in both on-premise and cloud-based infrastructures. Analyze collected data to prepare comprehensive vulnerability assessment reports and provide recommendations for remediation.
Candidates must have a bachelor's degree in a related field and an active Top Secret clearance. They should also have at least 2 years of experience and hold relevant certifications such as AWS Certified Cloud Practitioner or CompTIA Security+.
cFocus Software seeks an Information Assurance/Security Analyst II/SCA to join our program supporting the Department of Justice (DOJ). This position is fully remote. The position requires a Top Secret clearance.

Qualifications:
- Bachelor’s degree in Information Technology, Computer Science, or other related fields
- Active Top Secret clearance
- Must be familiar with the Risk Management Framework (RMF) and the NIST 800-53 Rev 5 controls.
- Must have experience using CSAM or other RMF approved system of record.
- Conduct an in-depth assessment of the management, operations, and technical security controls.
- Analyze information and prepare reports describing the vulnerability level of the network with specific details as to what compromises data systems.
- 2+ years of experience and hold the AWS Certified Cloud Practitioner certification and/or one of the following certifications: CompTIA Security+ certification, Certified Ethical Hacker (CEH), CompTIA Advanced Security Practitioner (CASP or CASP+), Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP).

Duties:
- Conduct in-depth assessments of management, operational, and technical security controls within the organization’s IT environment.
- Evaluate systems in both on-premise and cloud-based infrastructures, including Amazon Web Services (AWS) platforms.
- Use tools such as CSAM (Cyber Security Assessment and Management) or other RMF-approved systems of record for documentation and reporting.
- Apply the Risk Management Framework (RMF) in all assessment activities.
- Ensure compliance with NIST 800-53 Revision 5 controls, assessing systems against federal standards for confidentiality, integrity, and availability.
- Develop and maintain plans of action and milestones (POA&Ms) to address identified security gaps.
- Analyze collected data to prepare comprehensive vulnerability assessment reports, outlining the level of risk and potential system compromise.
- Provide specific recommendations and remediation steps for discovered vulnerabilities.
- Create documentation plans to track corrective actions and maintain continuous monitoring.
- Engage in ongoing security monitoring to ensure that previously identified vulnerabilities are resolved and that new threats are promptly detected.
- Support continuous compliance with federal information assurance standards and agency-specific policies.
- Work independently and as part of a team to assess systems, communicate findings, and coordinate with system owners and other stakeholders.
- Present results and recommendations in written and oral formats that can be understood by both technical and non-technical audiences.
This job posting was last updated on 10/22/2025