Cyber Security Analyst / Information Assurance
Fairfax, VA / Telework

Tiber Creek Consulting, Inc. is seeking a Cybersecurity Analyst / Information Assurance (IA) Analyst to serve as a cybersecurity subject matter expert (SME) as part of our growing cybersecurity operations team in Fairfax, VA. You will assess and ensure operational, technical, and privacy information security compliance for a variety of small to large commercial and federal clients, and provide support for executing the full Security Assessment and Authorization (SA&A) life cycle and risk management functions. Responsibilities include measuring risk, examining system documentation, interviewing appropriate system and site personnel, providing recommendations on remediation solutions, assisting in developing functional requirements for Tiber Creek’s commercial SaaS GRC product, providing oversight and guidance as a senior cybersecurity analyst to the rest of the cyber operations team, proposing intuitive ways to solve complex cybersecurity challenges, testing system technical security configuration settings, and developing reports.

The successful candidate demonstrates subject matter expertise in security guidance and security control assessment (SCA) processes using the relevant framework; leverages knowledge of Plan of Action and Milestones (POA&M) management and continuous monitoring; tests system technical security configuration settings; reviews various system scan results for compliance with industry standards, and assists with developing and reviewing compliance reports that clearly identify security findings and proposed remediation strategies.

If your strengths include the ability to solve complex information security related challenges, propose strategic/pragmatic approaches to the team and clients, efficiently multi-task, support a cross-matrixed team and work multiple client projects, Tiber Creek Consulting would love to have you join us!

Apply To:
Certifications: Security+ required. Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or CompTIA Advanced Security Practitioner (CASP) certification is preferred.
Experience: Must have 5+ years’ related work experience.
Clearance: Ability to obtain Secret Clearance is required. Candidates must be US citizens who are clearable for a DoD Secret clearance, due to federal contract and some commercial client requirements.
Related Experience Should Include:
  • Strong understanding of commercial industry and/or federal information security related processes, frameworks, standards, and regulations.
  • Strong security system analysis skills and understanding of Cyber and IT security risks, threats and prevention measures.
  • Information Assurance (IA) Analyst and/or IT Operations Engineer experience supporting a variety of environments ranging from small businesses, large enterprise organizations, and federal information systems.
  • Experience supporting customers in either Federal Government and/or other industry specific Cybersecurity Compliance and Regulatory standards/frameworks.
  • Experience with a variety of cybersecurity compliance standards, regulations and frameworks such as: NIST SP800-171r1, Cybersecurity Maturity Model Certification (CMMC), NIST RMF, NIST CSF, FISMA, FIPS, NIST SP800-53r4, NIST SP800-60, PCI-DSS, HIPAA, SOC 2, ISO27001, FedRAMP, GDPR, CCPA, SOX, etc.
  • Experience with cloud security approaches and cloud architectures. Preferred experience with Azure and AWS as either an Engineer, Architect, ISSO, etc.
  • Knowledge of Cybersecurity/IA solutions such as PKI, VPN, Enterprise Firewalls, IPS, IDS, SCAP, STIG, Nessus, ACAS, SIEM, HIDS, NIDS, MFA, EDR, Vulnerability Scanners, AV solutions, data at rest encryption solutions, data in transit encryption solutions, penetration testing tools, GRC tools, etc.
  • In-depth understanding of networking and network security; network monitoring and protocols.
  • Experience in qualitative and quantitative risk assessments and risk management processes.
  • Experience in small to medium-sized business support in either IT Engineering and/or Cybersecurity objectives.
  • Experience in writing and designing information security policies, procedures, standards, guides, plans, etc.
Job Duties:
  • Support a variety of commercial clients' security gap assessments and audits with various compliance standards, frameworks, and regulations; and provide tailored recommendations.
  • Generate and design a variety of reports such as Security Testing and Evaluation Reports, System Security Plans (SSP), Plan of Action and Milestones (POA&M), Risk Assessments, etc.
  • Support a variety of federal and commercial clients as an Information System Security Officer (ISSM), to include security and system architecture design and input.
  • Support IT Incident Response (IR) actions and reporting.
  • Write/develop security and risk reports.
  • Consult clients on various mitigation and remediation solutions/methods.
  • Support development and enhancement of a commercial Governance, Risk Management, and Compliance (GRC) SaaS solution.
  • Provide subject matter expertise consulting for all things cybersecurity for a wide range of clients across industry verticals, including small businesses, large commercial businesses, and federal information systems.
  • Perform enterprise-wide risk analysis and vulnerability assessments.
  • Provide SME support for automating cybersecurity operations via technology solutions and strategies.
Physical Demands and Work Environment:
  • Some local and long-distance travel may be required.
  • Usual office working conditions and standard office equipment. Required to sit for long periods of time using a personal computer. Some light physical effort required.
  • Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.
  • Full time remote/telework is an option and may be required during the current COVID-19 pandemic.
Minimum Qualifiers:
  • Unable to work with 3rd party candidates or agencies.

Interested in Joining Our Team?