Cyber Information Assurance Analyst

We are searching for a Cyber Information Assurance Analyst to join the Risk Management Department, in Reston, VA
, in the Applied Research Laboratory (ARL) at Penn State. The CIAA evaluates system and network environments to implement effective cybersecurity programs and determines security controls and policies based on best practices, regulations, and contractual requirements. This role includes managing compliance assessments, mitigating risks to information systems, and ensuring confidentiality, integrity, and availability. CMS Division leverages M&S expertise and other resources to deliver prototypes, demonstrations, and accelerated transitions of emerging research and technologies vital to national security needs, in addition to performing research, development, testing, and evaluations facilitating innovation in practice and development of critical, in-demand capabilities.

ARL is an authorized DoD Skill Bridge partner and welcomes all transitioning military members to apply

• Conduct risk assessments and provide recommendations for system, network, and application design, implementation, and operation of departmental systems
• Conduct vulnerability assessments of departmental systems and networks to identify deviations from acceptable configurations or policies
• Meet with stakeholders regularly to assess needs and requirements at a departmental level
• Conduct vulnerability assessments of departmental systems and networks to identify deviations from acceptable configurations or policies
• Monitor the corrective actions of departmental system audits; draft documentation of Plan of Action and Milestones (POAM) for review
• Obtain certification and accreditation for departmental systems through the creation of process documentation support; may assist with unit or University wide process documentation
• Participate in the establishment of program control processes to ensure risk mitigation
• Perform periodic audits of departmental systems under general supervision
• Participate in the implementation of required policies, procedures, and configurations; make recommendations for improvements
• Participate in the preparation of requirements and procedures for forensic preservation
• Research and stay current on industry best practices

• Lead risk assessments and provide recommendations for system, network, and application design, implementation, and operation of unit-wide systems
• Lead vulnerability assessments of unit-wide systems and networks to identify deviations from acceptable configurations or policies; conduct assessments of non-standard systems
• Monitor the corrective actions of unit-wide system audits; develop and manage Plan of Action and Milestones (POAM)
• Meet with stakeholders regularly to assess needs and requirements at a unit-wide level
• Obtain certification and accreditation through the creation of process documentation; develop unit or University-wide process documentation
• Establish program control processes to ensure risk mitigation
• Perform periodic audits of systems
• Implement required policies, procedures, and configurations; make recommendations for improvements
• Develop requirements and procedures for forensic preservation
• Assist in the development and delivery of information security training material
• Assist in the development of policy, process, and standards of Cyber Incident Response Team (CIRT) program and participate in CIRT activities as needed
• May interface with external entities including law enforcement and intelligence/government agencies
• May provide guidance to lower level Analysts

Required skills/knowledge areas include:

• Windows and Linux OS
• CI/CD pipeline
• Review of hardware and software vulnerabilities
• DoD Risk Management Framework (RMF)
• Understand and enforce policies and procedures within classified space
• Previous success with collaborations in a multi-disciplinary, team-oriented culture Assured Compliance Assessment Solution (ACAS) and Security Technical Implementation Guide (STIG)
• Ability to multitask multiple programs
• Security+, CAP, GSEC or equivalent
• Active security clearance, at the Top-Secret level and possession of or eligible for SCI level

Preferred Skills/Knowledge Include:

• Development and maintenance of Security Assessment Plans, Risk Assessment Reports, and POAMs
• Containerized environments
• Gitlab and Ansible
• JIRA and Confluence
• Vulnerability scanning tools (ACAS, OpenSCAP, Trivy, Grype, etc.)
• Bachelors' degree in Information Technology, Cybersecurity or related field

Your working location will be in Reston, VA
. Questions related to flexible work should be directed to the hiring manager during the interview process. Travel is expected to be at 50% of the time to surrounding areas.

If filled as Cyber Information Assurance Analyst - Intermediate Professional, this position requires:
Bachelor's Degree 1+ years of relevant experience; or an equivalent combination of education and experience accepted…