ITOT Cybersecurity Analyst

General Summary :

The Cyber Analyst serves as a critical asset in supporting the Army customer, directly interfacing with government customers, stakeholders, and cross-functional teams. The ideal candidate brings robust understanding of Zero Trust architecture and Identity, Credential, and Access Management (ICAM) principles, and Risk Management Framework (RMF) processes tailored to Army and DoD environments. This role requires an understanding of the best practices of IT / OT, the RMF lifecycle, organizational leadership, a working knowledge of policy implementation and analysis of laws, directives, and regulations, as well as first-hand experience in IT practices within the Army environment. Additionally, this position demands knowledge and experience in Operational Technology (OT) and Control Systems architecture. The candidate should possess the ability to review, analyze, and interpret assessments from teams like Cyber Protection Teams (CPTs) and Black Start Exercises (BSEs), and present findings to senior leadership in a clear, actionable format, while performing all traditional duties of an ISSO.

Principal Duties and Responsibilities :

• Consult with system owners to review risk assessments for IT and OT systems, identify vulnerabilities, and provide governance-focused recommendations for mitigation strategies in compliance with RMF and NIST standards.
• Review / complete RMF packages to include System Categorizations, Security Plan, and Authorization Packages (A&A, Assess Only).
• Monitor and determine system categorization in accordance with NIST SP 800-59, NIST SP 800-60, FIPS 199, and / or CNSSI 1253 and NSA's BOD (as applicable) in areas of Confidentiality, Integrity, and Availability (CIA) and coordinate approval.
• Integrate cybersecurity and IT initiatives into systems, ensuring compliance with organizational standards and security best practices.
• Manage and execute the full RMF lifecycle for Army and DoD-related systems, including categorization, security controls implementation, risk assessment, and continuous monitoring.
• Work closely with customers and stakeholders to ensure compliance with RMF standards and requirements in accordance with organizational guidelines.
• Advise organization on RMF-related policies and guidance and perform all traditional duties of an ISSO to assist the organization with registering their IT / OT systems in eMASS.
• Provide guidance and mentorship to junior cyber analysts and staff.
• Review and analyze policies with an emphasis in IT / OT, ensuring alignment with applicable laws, directives, and regulations while addressing the unique information technology and operational requirements of both environments.
• Support initiatives to integrate Zero Trust, IPv6, and Windows 11 strategies into the Army's Operational Technology and IT environment, ensuring alignment with security objectives.
• Inform the customer of the implementation of ICAM frameworks to ensure secure identity lifecycle management and access control policies across IT and OT systems.
• Leverage ICAM principles to enhance identity governance, multi-factor authentication (MFA), and role-based access for personnel and systems.
• Ensure alignment of ICAM initiatives from Army policies and DoD directives to the OT environment.
• Assist with developing and maintaining security documentation for all systems under the organization' s purview, ensuring all artifacts (e.g., SSPs, POA&Ms, C&A packages) are up-to-date and aligned with the Army's and organizations RMF process.
• Provide clear, concise reports on risk posture to senior leadership.
• Analyze assessments and findings from Cyber Protection Teams (CPTs), Black Start Exercises, and other relevant IT / OT assessments.
• Provide a comprehensive analysis of the "so-what" of these assessments, highlighting key takeaways, risks, and recommendations for improvement.
• Present findings in a clear, concise presentation format to senior leadership, ensuring the leadership team is informed and equipped to make strategic decisions based on these analyses.

At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our "Family of Professionals!" Learn about our employee-centric culture and benefits here

Required Skills

Required Experience

Preferred Qualifications

Industry certifications such as CISSP, CISM, or other relevant certifications preferred.

Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. COLSA Corporation is an Equal Opportunity Employer, Minorities / Females / Veterans / Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.

J-18808-Ljbffr