Red Gate Group is seeking a skilled Cyber Risk Analyst to support the Defense Threat Reduction Agency (DTRA) in Reston, VA. In this role, you will play a critical part in identifying and mitigating cyber risks for mission-critical DoD systems and networks. You will collaborate with engineers and subject matter experts to evaluate technical, environmental, and personnel threats and guide clients through risk management strategies. This position offers a unique opportunity to apply your cybersecurity expertise while broadening your knowledge of security tools, systems engineering, and data science.
As a Cyber Risk Analyst, you will help create and maintain key security documents, provide insight into cybersecurity policies, and support Assessment and Authorization (A&A) activities for DoD programs. Your work will directly contribute to securing essential defense operations and provide the opportunity to present findings to senior stakeholders.
This role provides an exciting opportunity to be at the forefront of cybersecurity in defense operations, ensuring the safety and resilience of vital systems. If you are passionate about security and risk management, this position offers a platform to showcase and expand your expertise.
Key Responsibilities:
- Identify and assess cyber risks for DoD programs and develop tailored mitigation strategies.
- Collaborate with subject matter experts to evaluate and secure mission-critical networks and systems.
- Develop and maintain security documentation such as System Security Plans (SSP), Risk Assessments, and Plans of Action and Milestones (POA&M).
- Guide clients through the Risk Management Framework (RMF) process and ensure compliance with relevant cybersecurity standards and policies (e.g., NIST SP 800-53, CNSSI 1253).
- Provide cybersecurity expertise and translate complex technical challenges into actionable plans for clients.
Required Qualifications:
- Active TS/SCI
- 5+ years of experience working in a professional IT environment
- 3+ years of experience with cybersecurity
- 3+ years of experience with Assessment and Authorization (A&A) in support of DoD and IC programs, including package development, artifact generation, and authority to operate (ATO)
- Experience with security hardening of Windows and Linux operating systems and security tools, such as ACAS, SCAP, STIG/SRGs, SCC, eMASS/Xacta, ESS, Prisma Cloud, Kubernetes, Rancher, and Docker
- Experience generating and maintaining System Security Plans (SSP), Implementation Plans, Privacy Impact Assessments, Security Assessment Plans (SAP), Risk Assessments, Plan of Action and Milestones (POA&M), and other A&A documentation
- Knowledge of the Risk Management Framework (RMF) and the A&A activities needed to obtain and maintain an ATO, including National Institute of Standards and Technology (NIST) and Committee on National Security Systems Instruction (CNSSI) publications such as NIST SP 800-60, NIST SP 800-53, and CNSSI 1253
- Security+ DoD 8570 Level II
Desired Skills & Experience:
- Experience with DoD or IC cybersecurity projects or programs
- Experience with DevSecOps, Path-to-Production, and CI/CD
- Experience with Cloud Authorization and Cloud Migration
- Experience with administering Red Hat Enterprise Linux or Windows Server 2012 or higher
- Ability to provide subject matter expertise to system engineering documents, including technical requirements documents, interface control documents, and system specifications
- Ability to analyze and communicate complex technical challenges to both technical and non-technical clients and stakeholders
- Ability to communicate and integrate between multiple customer stakeholders
- Bachelor's degree
The Red Gate Group, Ltd. is an Equal Opportunity/Affirmative Action Employer. The Red Gate Group, Ltd. considers applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state, or local law.