Senior Mobile Information Assurance/Security Analyst

• Apply knowledge of DoD security standards to develop, evaluate and enhance mobile security requirements, policy and tools.
• Provide information assurance support for the development and implementation of security architectures to meet new and evolving security requirements.
• Analyze policies and procedures against Federal laws and regulations and provides recommendations for closing gap.
• Complete Application Security Development (ASD) assessments both as a regular part of product lifecycles, and on demand in support of Certification and Accreditation (C&A) events.
• Conduct source code review using static (e.g. HP Fortify, Synopsys Coverity) and dynamic (e.g., fuzzers, Burp, ZAP) assessment tools.
• Evaluate the customer’s ASD processes and procedures for compliance with DoD Cybersecurity requirements (DISA ASD STIG).
• Test discovered vulnerabilities to determine full scope and impact.
• Perform data consolidation and analysis on test results based on NIST Risk Assessment methodology (SP 800-30 rev 1), documenting the results in standardized test artifacts.
• Research appropriate technical and/or procedural recommendations to improve the security state of the customer’s products.
• Present analysis and recommendations through formal reporting, both written and verbal, to developers and senior stakeholders.

Skills & Experience:

• In-depth knowledge of DoD IA policies
• Experience with DoD or Federal compliance testing methodologies (e.g. Common Vulnerability Scoring System, NIST Risk Management Framework)
• Experience with reviewing, understanding and assessing DoD Cybersecurity requirements related to software security (e.g. DISA ASD STIG, DoD Directive 8500.01E, NIST Special Publication 800-53)
• Experience with various mobile operating systems (iOS, Android) and common threat mitigation technologies
• Experience with DIACAP, DoD RMF or Federal Certification and Accreditation Processes for IT systems.
• Knowledge of emerging technologies, standards, and best practices
• Must be able to work effectively and efficiently in a collaborative environment
• Excellent verbal and written English communication skills
• Strong attention to detail, organization, and time/project management skills
• Ability to thrive in a fast-paced environment
• Strong analytical skills

The Ideal Candidate: Will possess 7+ years of Cyber-Security/IA experience operating in the .mil environment with at least 5 years of experience with mobile security. In addition, the individual must be certified in accordance with the 8570.01M at the IAT-2 level, have knowledge and understanding of DoD instructions 8520.02 and 8500.01. The individual must be familiar with the integration of Cyber-Security requirements throughout the entire Program Life Cycle from early requirements definition through delivery, operations, and decommissioning. Have knowledge applying NIST 800-53 controls, DISA Security Technical Implementation Guides (STIGs) and NSA Guides regarding configuration standards for DOD IA and IA-enabled devices/systems.

• BA/BS degree or higher in a technology related field. Additional years of experience may be substituted for education.
• CISSP certification is a plus