$70K - 100K a year
Conduct in-depth assessments of security controls in IT environments including cloud and on-premise, prepare vulnerability reports, and support continuous compliance with federal standards.
Requires a Bachelor’s degree, active Top Secret clearance, familiarity with RMF and NIST 800-53 controls, experience with CSAM or similar tools, 2+ years experience, and specific security certifications including AWS Certified Cloud Practitioner or others.
cFocus Software seeks an Information Assurance/Security Analyst II/SCA to join our program supporting the Department of Justice (DOJ). This position is fully remote. The position requires a Top Secret clearance.

Qualifications:
• Bachelor’s degree in Information Technology, Computer Science, or other related fields
• Active Top Secret clearance
• Must be familiar with the Risk Management Framework (RMF) and the NIST 800-53 Rev 5 controls.
• Must have experience using CSAM or other RMF approved system of record.
• Conduct an in-depth assessment of the management, operations, and technical security controls.
• Analyze information and prepare reports describing the vulnerability level of the network with specific details as to what compromises data systems.
• 2+ years of experience and hold the AWS Certified Cloud Practitioner certification and/or one of the following certifications: CompTIA Security+ certification, Certified Ethical Hacker (CEH), CompTIA Advanced Security Practitioner (CASP or CASP+), Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP).

Duties:
• Conduct in-depth assessments of management, operational, and technical security controls within the organization’s IT environment.
• Evaluate systems in both on-premise and cloud-based infrastructures, including Amazon Web Services (AWS) platforms.
• Use tools such as CSAM (Cyber Security Assessment and Management) or other RMF-approved systems of record for documentation and reporting.
• Apply the Risk Management Framework (RMF) in all assessment activities.
• Ensure compliance with NIST 800-53 Revision 5 controls, assessing systems against federal standards for confidentiality, integrity, and availability.
• Develop and maintain plans of action and milestones (POA&Ms) to address identified security gaps.
• Analyze collected data to prepare comprehensive vulnerability assessment reports, outlining the level of risk and potential system compromise.
• Provide specific recommendations and remediation steps for discovered vulnerabilities.
• Create documentation plans to track corrective actions and maintain continuous monitoring.
• Engage in ongoing security monitoring to ensure that previously identified vulnerabilities are resolved and that new threats are promptly detected.
• Support continuous compliance with federal information assurance standards and agency-specific policies.
• Work independently and as part of a team to assess systems, communicate findings, and coordinate with system owners and other stakeholders.
• Present results and recommendations in written and oral formats that can be understood by both technical and non-technical audiences.
This job posting was last updated on 10/21/2025