View all jobs
Sr. Security Analyst (ATO)
Chantilly, VAJob Title: (ATO) Senior Security Analyst
Clearance: Active TS/SCI (Active Secret Clearance at Minimum)
Work site: 100% on-site in Chantilly, VA
Employment type: Full-Time
Overview:
Strategic Business Systems, Inc. (SBS) is hiring multiple motivated Senior Security Analysts to support our newly created ATOaaS offering we provide to our technology partners and Government customers. This offering is focused on streamlining the Authority to Operate (ATO) process by standardizing processes and scaling our support to customers from SBS’ remote SCIF location in Chantilly, VA.
SBS developed this new offering, in partnership with our of Fortune 500 clients and DoD/IC customers, to help expedite the process to ATO and provide the U.S. military and government with the latest and most innovative technologies available in the commercial market. With new government requirements and a focus on cyber security regulations, commercial technology companies must allocate significant time and resources towards achieving ATO for their products with each customer they support. SBS’ ATOaaS allows our partners to reallocate this time back to improving their products and supporting the end customers mission.
Day to Day Responsibilities:
Writing Configuration Documentation: Writing clear and comprehensive documentation that explains how systems are configured and secured. This documentation is critical for customers to understand their security posture and for auditors to assess compliance.
Help with Package Development/Writing Packaging Requirements: Assisting in the creation or review of security package documentation. This includes writing and compiling the necessary documents that detail the security controls, policies, and procedures in place for a system seeking ATO.
Assisting Customers Throughout the ATO Process: Guiding and supporting customers throughout the entire ATO process, which includes understanding their systems, advising on security best practices, helping implement necessary security controls, and preparing for audits or assessments.
Continuous Monitoring and Reporting: Once ATO is granted, the role may also involve ongoing monitoring of the system's security posture, reporting on compliance status, and updating security documentation as needed.
Varied Responsibilities Across RMF Steps: Engaging in various activities associated with all six steps of the RMF process - categorize, select, implement, assess, authorize, and monitor. This could involve different tasks at different times, depending on the stage of the RMF process a particular customer is in.
Reviewing Scans: Regularly analyzing security scans to identify vulnerabilities and potential threats in the customer's environment. This involves interpreting scan results, prioritizing vulnerabilities based on risk, and recommending remediation actions.
Processing Actions and POA&M (Plan of Action and Milestones) Requests: Managing and responding to security-related actions, including developing and updating POA&Ms. This task involves tracking the mitigation of identified vulnerabilities and ensuring compliance with security standards.
Identification of Vulnerabilities: Proactively identifying security weaknesses within customer environments through various means such as vulnerability assessments, penetration tests, and security audits.
Technical Delivery:
Follows the capacity process outlined by SBS’ Managed Cyber Compliance Services (MCCS) team. Maintains tools with up-to-date skills and availability.
Leads meetings with customers/partners to understand business needs. Uses business, industry, and technology strategies to map customer/partner requirements to the adoption and optimization of partner technology solutions. Engages others appropriately to understand and define customer requirements.
Participates in project planning and develops project documents by identifying the risks and dependencies. Communicates the business value of planned solutions to customers/ partners. Identifies technical and business risks in programs and proposes mitigations. Assists project managers/architects in preparing for steering committee (e.g., developing artifacts). Manages their schedule and communicates with project leads. Generates and delivers Work Breakdown Structure (WBS).
Operational Excellence:
• Identify and develop mitigation strategies for cybersecurity threats and security vulnerabilities
• Evaluate configuration changes and their impact to the security posture of multiple enterprise cloud solutions
• Analyze Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP)
• Assess Risk Management Framework (RMF) NIST 800-53 R4 Information Assurance Controls
• Assess and assist with implementation recommendations of countermeasures or mitigating controls
• Ensure the integrity and protection of networks, systems, and applications by technical enforcement of Enterprise security policies, through monitoring and analysis of vulnerability scans and system log information
• Perform documentation requirements for periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance
• Prepare incident reports of analysis methodology and results
• Provide guidance and work leadership to less-experienced technical staff members and customers
• Interpret results from network/server/application scanning tools such as Tenable Nessus, Checkmarx and Fortify
• Interpret, document, and advise customers on emerging security, governance, and continuous monitoring policies
• Articulate cybersecurity risk to senior leadership and provide recommendations for remediation/risk acceptance
• Develop and/or support the successful development of cybersecurity processes and procedures
• Ability to explain inheritance models and resources
Required:
Preferred/Additional Qualifications:
Strategic Business Systems, Inc. (SBS) is a National Information Technology Services company headquartered in the Washington D.C. Metro area. SBS provides IT infrastructure design, integration, and operation services. Our expertise encompasses the full spectrum of infrastructure technologies, including the latest network, server, data storage, disaster recovery, security, and Internet technologies.
EEO Disclaimer
SBS is an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to age, gender, gender identification, sex, sexual orientation, color, race, creed, national origin, religion, marital status, parental status, citizenship status, ancestry, physical or mental disability, genetic information, veteran status, military status, or any other classification protected by federal, state, or local laws.
Accommodations
If you need an accommodation seeking employment with SBS, please email hr@sbsplanet.com . Accommodations are made on a case-by-case basis.
Clearance: Active TS/SCI (Active Secret Clearance at Minimum)
Work site: 100% on-site in Chantilly, VA
Employment type: Full-Time
Overview:
Strategic Business Systems, Inc. (SBS) is hiring multiple motivated Senior Security Analysts to support our newly created ATOaaS offering we provide to our technology partners and Government customers. This offering is focused on streamlining the Authority to Operate (ATO) process by standardizing processes and scaling our support to customers from SBS’ remote SCIF location in Chantilly, VA.
SBS developed this new offering, in partnership with our of Fortune 500 clients and DoD/IC customers, to help expedite the process to ATO and provide the U.S. military and government with the latest and most innovative technologies available in the commercial market. With new government requirements and a focus on cyber security regulations, commercial technology companies must allocate significant time and resources towards achieving ATO for their products with each customer they support. SBS’ ATOaaS allows our partners to reallocate this time back to improving their products and supporting the end customers mission.
Day to Day Responsibilities:
Writing Configuration Documentation: Writing clear and comprehensive documentation that explains how systems are configured and secured. This documentation is critical for customers to understand their security posture and for auditors to assess compliance.
Help with Package Development/Writing Packaging Requirements: Assisting in the creation or review of security package documentation. This includes writing and compiling the necessary documents that detail the security controls, policies, and procedures in place for a system seeking ATO.
Assisting Customers Throughout the ATO Process: Guiding and supporting customers throughout the entire ATO process, which includes understanding their systems, advising on security best practices, helping implement necessary security controls, and preparing for audits or assessments.
Continuous Monitoring and Reporting: Once ATO is granted, the role may also involve ongoing monitoring of the system's security posture, reporting on compliance status, and updating security documentation as needed.
Varied Responsibilities Across RMF Steps: Engaging in various activities associated with all six steps of the RMF process - categorize, select, implement, assess, authorize, and monitor. This could involve different tasks at different times, depending on the stage of the RMF process a particular customer is in.
Reviewing Scans: Regularly analyzing security scans to identify vulnerabilities and potential threats in the customer's environment. This involves interpreting scan results, prioritizing vulnerabilities based on risk, and recommending remediation actions.
Processing Actions and POA&M (Plan of Action and Milestones) Requests: Managing and responding to security-related actions, including developing and updating POA&Ms. This task involves tracking the mitigation of identified vulnerabilities and ensuring compliance with security standards.
Identification of Vulnerabilities: Proactively identifying security weaknesses within customer environments through various means such as vulnerability assessments, penetration tests, and security audits.
Technical Delivery:
Follows the capacity process outlined by SBS’ Managed Cyber Compliance Services (MCCS) team. Maintains tools with up-to-date skills and availability.
Leads meetings with customers/partners to understand business needs. Uses business, industry, and technology strategies to map customer/partner requirements to the adoption and optimization of partner technology solutions. Engages others appropriately to understand and define customer requirements.
Participates in project planning and develops project documents by identifying the risks and dependencies. Communicates the business value of planned solutions to customers/ partners. Identifies technical and business risks in programs and proposes mitigations. Assists project managers/architects in preparing for steering committee (e.g., developing artifacts). Manages their schedule and communicates with project leads. Generates and delivers Work Breakdown Structure (WBS).
Operational Excellence:
• Identify and develop mitigation strategies for cybersecurity threats and security vulnerabilities
• Evaluate configuration changes and their impact to the security posture of multiple enterprise cloud solutions
• Analyze Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP)
• Assess Risk Management Framework (RMF) NIST 800-53 R4 Information Assurance Controls
• Assess and assist with implementation recommendations of countermeasures or mitigating controls
• Ensure the integrity and protection of networks, systems, and applications by technical enforcement of Enterprise security policies, through monitoring and analysis of vulnerability scans and system log information
• Perform documentation requirements for periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance
• Prepare incident reports of analysis methodology and results
• Provide guidance and work leadership to less-experienced technical staff members and customers
• Interpret results from network/server/application scanning tools such as Tenable Nessus, Checkmarx and Fortify
• Interpret, document, and advise customers on emerging security, governance, and continuous monitoring policies
• Articulate cybersecurity risk to senior leadership and provide recommendations for remediation/risk acceptance
• Develop and/or support the successful development of cybersecurity processes and procedures
• Ability to explain inheritance models and resources
Required:
- Candidates must have an active Top Secret clearance with SCI eligibility.
- Candidates must have experience supporting and/or managing ATO packages for cloud-based products supporting U.S. government agencies and/or military branches, including hands on experience with ATO packages, specifically ATO writing and documentation.
- Must have experience successfully identifying and mitigating open day vulnerabilities
- Must have hands on experience with Risk Management Framework (RMF) NIST 800-53 R4 Information Assurance Controls (Knowledge of NIST RMF Steps 1-6)
- Candidates must have an active Sec+ or higher industry certification (IAT-II or III)
- Candidates must be self-motivated who can understand technical concepts and collaborate on technical direction on a small team in an agile environment.
Preferred/Additional Qualifications:
- 5+ years leadership experience in relevant area of business
- BS Degree, preferred
- In-depth knowledge of firewall (packet filtering, application level gateway, next generation) configurations within a cloud environment
- Deep understanding of Intrusion Detection Systems (IDS) to identify security issues for remediation and reporting
- Technical certifications based on domain/service line (e.g., Azure, Security, Dynamics)
- Delivery Management certification (e.g., Scrum, Agile, Change Management, Project Management)
- CISSP or other similar information security certification
Strategic Business Systems, Inc. (SBS) is a National Information Technology Services company headquartered in the Washington D.C. Metro area. SBS provides IT infrastructure design, integration, and operation services. Our expertise encompasses the full spectrum of infrastructure technologies, including the latest network, server, data storage, disaster recovery, security, and Internet technologies.
EEO Disclaimer
SBS is an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to age, gender, gender identification, sex, sexual orientation, color, race, creed, national origin, religion, marital status, parental status, citizenship status, ancestry, physical or mental disability, genetic information, veteran status, military status, or any other classification protected by federal, state, or local laws.
Accommodations
If you need an accommodation seeking employment with SBS, please email hr@sbsplanet.com . Accommodations are made on a case-by-case basis.