Security Analyst; Infosec - Level Iv

Job Description – SECURITY ANALYST (INFOSEC – LEVEL IV) (250002CZ)

Primary

Location:

NEXCOM HQ. Pay Range: $72,083 to $91,534 based on experience.

Serve as a Senior Information Security Analyst Alternate ISSM responsible for developing, maintaining, and supporting NEXCOM’s Information Assurance program and associated security controls within the NEXCOM Enterprise environment. Perform security assessments and reports, maintain the IAVM program, and ensure compliance with current DoD and DON cybersecurity policy, including the SSR process and DIACAP/RMF accreditations.

• Mentor lower-level Info Sec Analysts.
• Perform security assessments and associated reports.
• Maintain and track IAVM program compliance.
• Review and document security assessments through the SSR process to identify vulnerabilities and non‑compliance with IA standards and regulations.
• Assist CSWF‑PM with maintaining and tracking CSWF program compliance.
• Perform quarterly audit reviews and reporting.
• Expertise in compliance and regulatory requirements such as DIACAP, RMF, PCI, PII, SOX.
• Complete weekly metric reports for Code IS.
• Analyze STIG and ACAS reports and advise system administrators on acceptable mitigation measures.
• Compile all required artifacts for DIACAP and RMF Authorization packages and work through obtaining an Authorization to Operate.
• Ensure security deficiencies identified during testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate authorized representative.
• Perform data security assessments against PCI DSS standards to identify areas of non‑compliance.
• Process and authorize NEXCOM system access through SAAR and PAA agreements.
• Provide system‑related input on IA security requirements for statements of work and other procurement documents.
• Perform other related duties as assigned.

Required Qualifications

• U.S. Citizen.
• Minimum 7 years of relevant experience:
  • Three years in certification and accreditation work.
  • Four years in at least two of the following: security control assessments and reports; research and analysis of cybersecurity policy; IT security compliance and reporting; system risk analysis; drafting DIACAP/RMF Authorization packages.
• Eligibility to obtain a Top Secret clearance within 6 months of appointment. Failure to obtain clearance will result in termination.
• Required credentials: either
• Graduate degree from an accredited university, or
• CNSSI 4012 – Senior Systems Manager, or
• Any one of the following certifications: CAP, CISM, CISSP, CASP, GSLC.
• Designation as IT‑1 (Critical – Sensitive) requiring a favorable Single Scope Background Investigation (SSBI).
• Must comply with the Cyber IT/Cybersecurity Workforce (CSWF) Program requirements, including certification matrix maintenance and 40 hours of continuous learning annually.

Compensation within the stated range is based on experience.