The Cyber Risk Analyst (CRA) will be responsible for analyzing infrastructure, endpoint, mobility, and network vulnerability data. They will be managing plans of action and milestones (POA&M) while also providing threat-informed guidance to decision makers within CISA OCIO. The CRA should feel comfortable diagnosing security flaws and deriving trends from various cyber security tool sets such as MS Defender (Endpoint, and Cloud Apps), MS Purview, Tenable Nessus, Crowdstrike, and Splunk. We are l... more details
Cyber Risk Analyst
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: None
Employee Type: Regular
Percentage of Travel Required: None
Type of Travel: None
* * *
CACI is seeking a Cyber Risk Analyst, supporting day-to-day operations and engineering within the Cybersecurity & Infrastructure Security Agency (CISA), a sub-agency of the Department of Homeland Security.
What You’ll Get to Do:
The Cyber Risk Analyst (CRA) will be responsible for analyzing infrastructure, endpoint, mobility, and network vulnerability data. They will be managing plans of action and milestones (POA&M) while also providing threat-informed guidance to decision makers within CISA OCIO. The CRA should feel comfortable diagnosing security flaws and deriving trends from various cyber security tool sets such as MS Defender (Endpoint, and Cloud Apps), MS Purview, Tenable Nessus, Crowdstrike, and Splunk. We are looking for someone who shows initiative and demonstrates excellent customer service and communication skills. The candidate should be well organized, results driven, and team oriented.
The Risk & Compliance Analyst will:
- Serve as the day-to-day point of contact for threat-based cyber vulnerability analysis.
- Work closely with Clients, including the Information System Security Officers/Managers (ISSO/ISSM), System Owner (SO), Product Owners (PO), and third-party support vendors to ensure accurate reporting.
- Execute program security activities including vulnerability analysis, ATO submissions, compliance assessments, security control validation, system release activities, change requests, ad-hoc client requests, security documentation updates, and Plan of Action and Milestones (POA&Ms)
- Effectively execute project plans for program security activities
- Facilitate security meetings with the clients
- Track and report on the status of work efforts and coordinate with security capability leads and cross-program teams
- Ability to be on call nights/weekends/holidays
You’ll Bring These Qualifications:
- Ability to attain DHS EOD
- BA + 7 years of experience, AA + 9, MA +4 years of experience, or 13 years of experience
- 5 or more years of experience with analyzing vulnerability scan and system log data, drafting/executing POAMs, and writing reports.
- 5 or more years of hands-on experience in enterprise IT support
- Experience with National Institute of Standards and Technology (NIST) security controls, the Governance, Risk Management, and Compliance (GRC) security documentation tool, Risk Management Framework (RMF), MITRE ATT&CK, and security compliance processes
- Experience with Security Technical Implementation Guides (STIGs).
- Ability to audit and verify security controls as part of industry standard system hardening or in accordance with customer or government requirements.
- Effective communicator at all levels, both written and verbal
These Qualifications Would be Nice to Have:
- CompTIA Security+, CISSP, Certified Ethical Hacker (CEH) or other relevant IT Security related certifications.
- Experience working with the federal government, particularly the DHS.
What We Can Offer You:
- We’ve been named a Best Place to Work by the Washington Post.
- Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
- We offer competitive benefits and learning and development opportunities.
- We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
- For over 60 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
Company Overview:
CACI is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.
Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here
Since this position can be worked in more than one location, the range shown is the national average for the position.
The proposed salary range for this position is:
$68,400-$143,700
