Concept Plus is a mission-focused technology solutions provider that transforms IT concepts into impactful solutions for federal agencies. The IA/Cyber Security Analyst will help protect national defense systems by ensuring compliance with the Risk Management Framework (RMF) and maintaining accreditation packages for mission-critical assets.
Responsibilities:
- Work closely with technical teams to implement secure system improvements that meet DoD cybersecurity standards
- Monitor and evaluate project progress, providing actionable reports to leadership and government officials
- Communicate with team, customers, and stakeholders in a clear, concise, timely, and professional manner
- Manage and maintain security authorization packages within the DoD RMF lifecycle
- Ensure the confidentiality, integrity, and availability of systems through compliance with NIST 800-53 controls and DoDI 8500 series
- Draft and maintain documentation including System Security Plans (SSPs), POA&Ms, and Continuous Monitoring strategies
- Support system assessments, vulnerability scanning, and remediation efforts using tools like SonarQube, Checkmarx, Trivy, Dependency Track, eMASS, and Nessus
- Support system assessments, vulnerability scanning, and remediation efforts relating to DISA STIGs
- Interface with government security officials (e.g., ISSMs, AO representatives) to support audits, inspections, and reviews
- Coordinate security engineering input into system designs and control implementation
- Track and respond to cybersecurity incidents and ensure timely reporting and recovery efforts
- Participate in Agile/DevSecOps development cycles, ensuring security is integrated from concept to deployment
- Assist with personnel security awareness, training, and insider threat mitigation
- Commute as needed to the nearest secured facility to perform duties in a higher environment
Requirements:
- US Citizen
- Bachelor's degree in Information Science, Engineering, Computer Science, Technology Management, or a degree in a closely related field
- 3+ years of experience in Cyber Security, preferably within a DoD or government contracting environment
- An advanced degree may substitute for two years of required experience
- Industry certification such as Security+ CE, CISSP, CISM, or CAP (Security+ is a DoD 8570 baseline requirement)
- Hands-on experience with RMF steps, security control implementation, and continuous monitoring
- Proficient with tools such as SonarQube, Checkmarx, Trivy, Dependency Track, eMASS, Nessus, and DISA STIGs
- Familiarity with Air Force cybersecurity policies and standards, including AFMAN 17-1301
- Familiarity with Federal cybersecurity compliance work
- Very good verbal and written communication skills
- An Interim Secret or Secret Clearance to start
- Experience working in Agile and DevSecOps environments (preferred)
- Familiarity with Agile and Scrum methodologies in federal or defense settings