
Cyber/Information Assurance (IA) Analyst

Company: SHR Group
Location: Washington, DC, 20301
Posted: May 15, 2026

Description:

Place of Performance: National Capital Region (Pentagon and JSP-designated alternate sites)

SHR - Software Hardware Re-engineered

About SHR Consulting Group:

SHR is a premier technology integrator solving our nation's most complex modernization and readiness challenges across the defense, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics; and AI. With an intimate understanding of our customers' challenges and deep expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions.

We are a rapidly growing organization seeking experienced Cyber/Information Assurance (IA) Analysts (multiple openings) to support cyber compliance, vulnerability management, and Risk Management Framework (RMF) activities for a large enterprise DoD environment supporting the DISA Joint Service Provider (JSP). The successful candidate will analyze security scan results, drive remediation, and ensure continuous compliance against DISA STIGs, IAVM notices, and applicable DoD orders. This single posting covers Senior Information Assurance (IA) Analyst, Intermediate Information Assurance (IA) Analyst, and Cyber Compliance System Administrator openings.

Key Responsibilities:

Analyze results of security scans (ACAS, HBSS/ESS, Splunk, Tanium) independent of the JSP Cyber Center and JSP DCO, and coordinate with System Administrators to apply security patches, GPO changes, certificate updates, and configuration changes (averaging approximately 50 changes monthly).

Drive systems toward 100% compliance with DISA STIGs, IAVM notices, and DoD tasking orders; prepare and manage Plans of Action and Milestones (POA&Ms) for any deviations, with mitigation steps and target compliance dates.

Actively monitor DoD websites, automated notices, and collaboration sites for newly published cyber orders and tasking, distribute orders to appropriate Platform Services teams (10-12 monthly average), and track execution to completion.

Maintain Command Cyber Operational Readiness Inspection (CCORI) and Cyber Security Service Provider (CSSP) compliance at all times as directed by JFHQ-DODIN; prepare pre-inspection checklists and ensure all items are compliant prior to scheduled and unscheduled inspections.

Maintain secure baselines for workstations and servers; ensure all Platform Services managed assets have required security tools (HBSS/ESS, ACAS, Splunk, Tanium) installed and communicating to the management consoles, with tickets opened for any communication issues.

Maintain non-critical IAVM Risk Scores across all Platform Services domains, technology areas, and accreditation boundaries.

Support the RMF process in accordance with DoDI 8510.01 and NIST SP 800-37, including Authorization & Accreditation (A&A) artifacts, eMASS updates, and security control validation against NIST SP 800-53.

Adhere to the JSP Incident Response SOP and CJCSM 6510.01; support independent control testing and Systems Security Reviews; document results in SharePoint or approved repositories.

Deploy and validate patch and hot-fix mitigations across multiple operating system platforms using tools such as Microsoft Endpoint Configuration Manager (MECM), Group Policy, PowerShell scripting, Tanium, Red Hat Satellite Server, or YUM Server.

Provide cyber compliance metrics, dashboards, and reports for the Monthly IPR and executive briefings.

Minimum Qualifications:

Three (3) or more years of experience securing operating systems against DISA STIGs and configuring/maintaining host firewalls; experience hardening Windows Server and Red Hat Linux platforms required.

Working knowledge of the DoD IAVM program, the DISA Vulnerability Management System (VMS), and the Continuous Monitoring Risk Scoring (CMRS) system.

Knowledge of DoD vulnerability scanning standards and tools, defense-in-depth concepts, and incident response, auditing, and CNDSP practices.

Hands-on experience with cyber tools, including HBSS/ESS, ACAS (Tenable), Splunk, and Tanium.

Experience supporting RMF (NIST SP 800-37), NIST SP 800-53R control documentation and validation, and accreditation programs such as FISMA, OMB, DoD IG inspections, and ACA.

Experience deploying patches and hot fixes against required deadlines using MECM, Group Policy, PowerShell, Red Hat Satellite/YUM, or Tanium.

For the Senior variant: 5+ years of experience and ACAS administrator certification/experience are strongly preferred.

Strong analytical, written, and verbal communication skills with the ability to brief technical risk to Government leadership.

Education Requirement:

Bachelor's degree in Computer Engineering, Computer Information Systems, Telecommunications, Management Information Systems, Cybersecurity, or a related field; or equivalent combination of education and three (3)+ recent years of documented relevant experience.

Must meet DoD 8570.01-M / DoD 8140 IAT Level II baseline certification requirements prior to start (e.g., Security+ CE, CCNA-Security, CySA+, GICSP, GSEC, or equivalent). Computing Environment certification appropriate to the role is also required.

Clearance Requirement:

U.S. Citizenship

Active Secret Clearance (or higher)

Work Environment:

100% onsite at a government facility within the National Capital Region (NCR), primarily at the Pentagon, Crystal Gateway, Taylor Building, Mark Center, or other JSP-designated alternate site. Must be local to the DC Metro Area with reliable transportation.

Must comply with all DoD, DISA, and JSP security and access protocols, including the ability to access NIPRNet and SIPRNet environments.

Benefits:

Competitive salary based on experience

Comprehensive benefits package including health, dental, vision, and retirement plans

Paid time off and holidays

We are an Equal Opportunity Employer and consider all qualified applicants without regard to protected characteristics under applicable law. EEO/AA Employer/Veteran/Disabled.
