Cyber Security Analyst IV

(RMF / Vulnerability Management / Compliance Support)

Program Information

·         Location: Wright-Patterson Air Force Base

·         Employment Type: Full-Time

·         Work Schedule: Onsite Support

·         Clearance Requirement: Active Secret Clearance or ability to obtain and maintain favorable Tier 3/Tier 5 eligibility

·         Citizenship Requirement: U.S. Citizenship Required

·         Certification Requirement: Must meet DoD 8140/8570 IAM or IAT baseline certification requirements within 6 months of hire

 

Position Overview

The Cyber Security Analyst IV provides advanced cybersecurity engineering, RMF compliance, vulnerability management, continuous monitoring, and audit readiness support for Air Force Financial Management systems and enterprise infrastructure environments.

This position supports the implementation and sustainment of Risk Management Framework (RMF) activities in accordance with:

·         DoDI 8510.01

·         NIST SP 800-53 Rev 5

·         DISA STIG requirements

·         Air Force cybersecurity policies and enterprise security controls

The Cyber Security Analyst works closely with ISSMs, ISSOs, System Administrators, Database Administrators, Configuration Managers, and Government stakeholders to maintain compliant, secure, and operational systems across the enterprise environment.

 

Essential Duties & Responsibilities

·         Support the full RMF lifecycle for assigned systems and applications.

·         Develop, maintain, and update RMF documentation including:

o    System Security Plans (SSPs)

o    Risk Assessment Reports (RARs)

o    Security Control Traceability Matrices (SCTMs)

o    Plans of Action & Milestones (POA&Ms)

o    Continuous Monitoring documentation

o    Authorization and accreditation artifacts

·         Maintain and manage cybersecurity packages within eMASS and related RMF tracking systems.

·         Conduct vulnerability assessments using approved enterprise vulnerability management tools.

·         Analyze vulnerability scan results and coordinate remediation activities with system administrators and engineering teams.

·         Support DISA STIG implementation, validation, and compliance efforts.

·         Assist with ACAS/Nessus vulnerability scanning activities and remediation tracking.

·         Review security event logs, audit logs, and security alerts for anomalous or suspicious activity.

·         Support cybersecurity incident analysis, reporting, documentation, and coordination activities in accordance with established procedures.

·         Support continuous monitoring initiatives and cybersecurity compliance reporting.

·         Assist with cybersecurity inspections, audits, CCRI preparation, and remediation activities.

·         Coordinate cybersecurity requirements with government stakeholders, engineers, and support teams.

·         Support secure system configuration management and baseline compliance activities.

·         Develop cybersecurity status reports, risk summaries, and compliance documentation for leadership review.

·         Assist with implementation and validation of security controls in accordance with RMF requirements.

·         Utilize scripting and automation tools where appropriate to support compliance validation, reporting, and remediation tracking.

 

Required Technical Skills

RMF / Compliance

·         Risk Management Framework (RMF)

·         NIST SP 800-53 Rev 5

·         DoDI 8510.01

·         DISA STIG implementation and validation

·         Continuous Monitoring (ConMon)

·         POA&M management

·         Security control assessment support

·         Audit and compliance reporting

 

Security & Vulnerability Management Tools

·         eMASS

·         ACAS/Nessus

·         Tenable.io

·         Qualys

·         Splunk

·         QRadar

·         SolarWinds SEM

 

Endpoint & Infrastructure Security

·         Trellix/HBSS

·         CrowdStrike Falcon

·         Microsoft Defender

·         McAfee Endpoint Security

 

Operating Systems & Enterprise Platforms

·         Windows Server

·         Linux

·         VMware

·         Citrix

·         Active Directory

·         Azure Active Directory

·         DB2

·         IBM WebSphere

 

Scripting / Automation

Experience with one or more:

·         PowerShell

·         Python

·         Bash

 

Minimum Qualifications

·         Bachelor’s degree in Cybersecurity, Information Assurance, Information Technology, Computer Science, Engineering, or related field.

·         Equivalent combination of education, military training, certifications, and directly related experience may be considered.

·         7–10+ years of cybersecurity or information assurance experience.

·         5+ years supporting DoD, Air Force, or federal information systems.

·         Hands-on experience supporting RMF and eMASS activities.

·         Experience supporting vulnerability management and cybersecurity compliance initiatives.

·         Experience interpreting and implementing DoD and Air Force cybersecurity policies.

·         Strong written and verbal communication skills.

·         Ability to work collaboratively within enterprise government environments.

 

Preferred Certifications

Must possess or obtain one or more applicable certifications:

·         CGRC (formerly CAP)

·         CISSP

·         CASP+

·         Security+

·         CISM

·         GCIH

·         GCIA

 

Preferred Experience

·         Experience supporting Air Force enterprise environments

·         Experience supporting AFFSO or Financial Management systems

·         Experience supporting CCRI inspections

·         Experience with enterprise cybersecurity compliance reporting

·         Experience working within classified or controlled government environments