Job Summary
We are looking for an experienced Cybersecurity Analyst to join our team, responsible for safeguarding WBAMC assets through comprehensive vulnerability assessments, remediation, and policy compliance. This role involves collaboration with various teams to maintain a secure IT environment, ensure compliance with regulations, and support the Risk Management Framework (RMF) and related cybersecurity policies.
*This position is contingent upon contract award.*
Job Duties And Responsibilities
- Vulnerability Management: Identify, assess, and remediate vulnerabilities across all WBAMC systems. Develop and implement mitigation strategies and maintain a Cybersecurity Plan of Action and Milestone (POA&M) with tracking.
- Risk Management Framework (RMF) Support: Support RMF documentation, compliance, and validation processes to ensure compliance with Army and Department of Defense (DoD) standards.
- System Authorization & Accreditation: Support the Authority to Operate (ATO) process, including evaluation, submission, and tracking of ATO packages.
- Security Assessment & Monitoring: Perform regular security assessments, conduct vulnerability scans, document compliance, and implement remediation plans.
- Incident Response: Provide support for security incident handling, monitoring, tracking, and reporting. Assist with security solutions such as Intrusion Detection/Prevention Systems (IDS/IPS), anti-virus, and digital forensics.
- Compliance & Documentation: Maintain accurate documentation for all security controls and assessments, contributing to reports on compliance with DoD, DHA, and Army regulations.
- Security Policy Development: Assist in creating and updating security policies, procedures, and best practices, including development of System Security Architectural Designs.
- Other duties as assigned.
Job Requirements (Education/Skills/Experience)
- Strong background in cybersecurity policies and procedures, vulnerability analysis, risk assessment, and RMF compliance.
- Experience with RMF artifacts and documentation, including ATO management and compliance with regulations such as AR 25-1, AR 25-2, and NIST 800-53.
- Proficiency in cybersecurity tools such as eMASS, Host-Based Security System (HBSS), ACAS, and SCCM for vulnerability assessment and compliance tracking.
- Working knowledge of DoD cybersecurity frameworks and best practices.
- IAT Level II certified (Security+, GSEC, etc.).
- Ability to obtain/maintain Public Trust clearance.
Preferred
- Certifications in cybersecurity such as CISSP, CISM, or Security+.
- Familiarity with DISA STIG compliance, IAVA Scanning, and related DoD cybersecurity initiatives.
- Experience with network security, security architecture design, and operational security management.
Diné Development Corporation (DDC) is a Navajo Nation-owned family of companies that delivers IT, professional, and environmental solutions to advance the missions of federal, state, and tribal government agencies. As thought leaders and innovators, our team of specialists builds client-centric solutions that solve critical challenges faced by defense, civilian, and healthcare organizations. Employing a mission-focused approach, we deliver value that not only enhances current operations, but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment, we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDC’s ability to unite legacy-inspired technologies, industry best practices, and proven methodologies has contributed to our success for twenty years.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.