• Help

    Duties

    Summary

    Marine Corps Community Services (MCCS) is looking for the best and brightest to join our Team! MCCS is a comprehensive program that supports and enhances the quality of life for Marines, their families, and others in the Marine Corps Community. We offer a team oriented environment comprised of military personnel, civilian employees, contractors and volunteers who keep the organization functioning smoothly and effectively.

    Learn more about this agency

    Responsibilities

    The Cybersecurity Analystwill serve within the Enterprise Cybersecurity and Compliance Office as a Validator.

     Conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations. The position is responsible for evaluation of IT systems or its individual components to determine compliance with published standards. Plans, prepares, and executes tests of systems to evaluate results against specifications and requirements as well as analyze/report test results.

     Roles include:

    • Determine level of assurance of developed capabilities based on test results.
    • Develop test plans to address specifications and requirements.
    • Make recommendations based on test results.
    • Determine scope, infrastructure, resources, and data sample size to ensure system requirements are adequately demonstrated.
    • Create auditable evidence of security measures.
    • Validate specifications and requirements for testability.
    • Perform Windows registry analysis.
    • Analyze the results of software, hardware, or interoperability testing.
    • Perform operational testing.
    • Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.
    • Develop methods to monitor and measure risk, compliance, and assurance efforts.
    • Provide recommendations for possible improvements and upgrades.
    • Review or conduct audits of IT programs and projects.
    • Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
    • Conduct import/export reviews for acquiring systems and software.
    • Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.
    • Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
    • Maintain deployable cyber defense audit toolkit to support cyber defense audit missions.
    • Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
    • Perform technical and nontechnical risk and vulnerability assessments of relevant technology focus areas.
    • Make recommendations regarding the selection of cost-effective security controls to mitigate risk.
    • Coordinate with project management, development, and other technical teams to create and submit A&A packages using the Marine Corps Certification and Accreditation Support Tool (MCCAST).
    • Perform technical testing and validation of applications, systems, and networks to evaluate levels of compliance with DoD Security technical implementation guides (STIG), and perform the formal security assessment in step 4 of the RMF process and initiate and finalize the security assessment report (SAR).
    • Assess the implementation of security controls and hardening on various technology platforms in accordance with DoD, DoN, USMC, and DISA policy and guidance for vulnerabilities, STIGs, security requirements guides (SRG), RMF security controls.
    • Coordinate and interface with a team of system administrators and network engineers to complete Cybersecurity testing on systems and networks, and assist with remediation guidance and verification, in accordance with DoD, DoN, USMC, and DISA guidance.

     Assists in the daily operations and development of the MR Cybersecurity program that identifies architecture, requirements, objectives and policies, personnel and processes and procedures as they relate to DOD, DON, USMC policy, standards, and guidelines.  Provides security oversight for MR and subordinate commands to include coordinating MR security measures, conducting analysis, periodic testing, evaluation, verification, accreditation, and review of information system installations at appropriate classification levels.  As a SCV, test the implementation of applicable Cybersecurity controls for an assigned Marine Corps Community Services system. Ensures that development, review, endorsement, and maintenance of security compliance documentation is accomplished.  Validates that documentation includes the System Security Plan(s) (SSP) for all MR applications, networks, and stand-alone systems.  Maintains the appropriate level of personal training and certification required in accordance with DoD 8570.   Develops, coordinates, and conducts security, CY, and compliance training as required.

     Performs security compliance efforts IAW the PCI, FISMA, NIST SP 800 series, FIPS series, and USMC related policies and procedures. 

    Travel Required

    25% or less - Varies

    Supervisory status

    No

    Promotion Potential

    NA

This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/GetJob/ViewDetails/601449100. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.