Systems Planning and Analysis, Inc.

  • Cybersecurity IV&V Analyst

    Job Locations US-DC-District of Columbia
    Information Technology
    Regular Full-Time
  • Overview

    The overall effort supports Joint Staff (JS) J6, Cyberspace Division (Pentagon). The position will serve as an IT Security Assessor in support of the JS IV&V efforts using automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess security vulnerabilities and deficiencies of JS information systems to include enclaves, networks, applications, services, software, and Platform IT (PIT).



    • Coordinate with the appropriate joint directorate (JDIR) information security officer (ISO) or Program Manager (PM) to identify appropriate information system security manager (ISSM), information system security officer (ISSO), and other points of contact to obtain required artifacts for evidence, examination, and inspection before, during and post assessments.
    • Conduct in-depth vulnerability assessments and asset information system auditing (e.g., servers, workstations, network appliances, storage devices, and applications), review security controls and configurations, and validate if security objectives and goals are met, and, where applicable, review compliance requirements and best practices.
    • Request a plan of actions and milestones (POA&M) and vulnerability scan results/documentation and will review and request system owner inputs for unmitigated exploitable items over 21 calendar days old.
    • Produce Security Assessment Plans (SAPs) for government approval prior to the assessment, record findings during the assessment, and produce a Security Assessment Report (SAR) for the JS SCA and AO following the assessment period.
    • Assess the compliance, effectiveness, or changed state of security controls protecting the JS owned or operated portion of the DoD Information Network (DoDIN) and separately operated ISs.
    • Assess STIG checklists for accuracy and assist system owner/ISSM in importing validated scans to eMASS and linking to applicable security controls.
    • Complete 100% accurate IV&V inspections as attested to by an ISSM SAR review for RMF Step 4 assessments, and assessments IAW NIST guidance for JS authorized systems in continuous monitoring.
    • Provide a written Security Assessment Plan (SAP) documentation prior to each independent security control assessment.


    Required Qualifications:

    • Minimum of 5-7 years of task related experience.
    • Appropriate Cybersecurity workforce certification(s) at the IAM II/IAT-III level.
    • NIST and Risk Management Framework experience.
    • Active Top Secret clearance with Sensitive Compartmented Information (TS-SCI) access.


    Desired Qualifications:

    • Bachelor’s degree from an accredited college in Engineering, Computer Science, or Cybersecurity is preferred.
    • CISSP and Certified Authorization Professional (CAP) preferred.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed