Senior Cybersecurity Analyst

Overview

SENIOR CYBERSECURITY ANALYST

(LI2S) Bowhead seeks a Senior Cybersecurity Analyst to join our team supporting the Program Office for Logistics Integrated Information Solutions - Marine Corps (LI2S-MC) in Stafford, VA. The Cybersecurity Analyst will work directly with the client analyzing complex and unique technical support assignments and lead or collaborate with engineers, cybersecurity personnel, logisticians, and program analysts within a scaled agile environment. The Senior Cybersecurity Analyst will be involved in strategic planning and decision-making related to cybersecurity initiatives within an organization. They will contribute to the development of cybersecurity policies and procedures. They will also be responsible for assessing and managing cybersecurity risks at a strategic level. Responsibilities Perform cybersecurity tasks for Global Combat Support System- Marine Corps (GCSS-MC) applications, components, sub-components, and environments in support of the GCSS-MC system, cloud migration effort, and audit remediation. Provide documentation annually that all personnel have obtained and maintained their DoD 8140 required certification. Confirm compliance of all personnel's annual IA awareness training status to the

GCSS-MC PMO

information systems security manager (ISSM). Follow DoD/US Navy/Marine Corps cybersecurity processes and procedures to protect U.S. Government sensitive information. Support GCSS-MC cloud migration and audit, update all GCSS-MC cybersecurity documentation in accordance with DOD policy and instruction as required by the ISSM and upload that documentation to a location identified by the ISSM where it is accessible to authorized individuals. Use the Government cybersecurity tool, Marine Corps Certification and Accreditation Support Tool (MCCAST), to manage Assessment and Authorization (A&A) documentation and workflow. The Government shall facilitate access and training for the MCCAST tool. Verify registration of all software used in the LI2S-MC portfolio of systems in the Department of the Navy Application and Database Management System (DADMS). Maintain DADMS, DoD Directive Information Technology Portfolio Repository-Department of the Navy (DITPR-DoN), data center inventory site, and other database repositories containing

PM LI2S-MC

data. In addition, maintain information provided by the Government in these repositories that support acquisition and non-acquisition events. In support of the cloud migration and audit: Verify and validate that security updates and patches are tested and applied to software and operating systems. Document all findings in a weekly report. Generate software quality code reviews with Government provided automated tool(s). Maintain a security Plan of Action and Milestones (POA&M) that lists all vulnerabilities identified by every assessment, and when that assessment identified the vulnerability, in accordance with DoD and USMC Risk Management Framework policies. Review, implement, and maintain the role-based access controls (RBAC) in support of the GCSS-MC and sub-components privileged user access. Review information assurance vulnerability management (IAVMs), communications tasking orders (CTOs), Marine Corps directives (MCDs), operational directives (OPDIRs), vulnerability alerts, and vendor notifications to determine applicability to

GCSS-MC/LCM

Family of Systems (FoS) and to assess impact and provide assessment to the ISSM. In addition, track, report status, and provide remediation suggestions for the vulnerabilities. Support all activities required for maintaining the authority to operate (ATO) and Federal Information Security Management Act (FISMA) compliances. These activities include, but are not limited to: Annual Security Reviews, Annual Security Control testing, Annual Contingency Plan testing, and quarterly update and submission of a quarterly Plan of Action and Milestones (POA&M).

Support cybersecurity testing by generating:

A cybersecurity detailed test plan (DTP) required when testing for accreditation that identifies specifically how the system should be tested Thorough risk assessment that identifies the security posture of the system. Conduct testing (pre/post) scans for the LI2S-MC systems/requirements related to system accreditations. Participate in cybersecurity discussions and vulnerability assessment scan reviews and provide technical guidance and solutions implementing cybersecurity best practices which will increase the security of the system and mitigate or eliminate vulnerabilities. The technical guidance and solutions must align with applicable security technical implementation guides (STIGs). Generate, review, and update cybersecurity documentation as required by MCSC risk management framework (RMF) processes. Support cyber readiness inspection (CRI) and IV&V events as required by the

GCSS-MC PMO ISSM.

This task includes but is not limited to: Reviewing and updating systems security documentation, performing pre-assessment scans, analyzing vulnerability scan results, analyzing, and updating configuration documentation, evaluating STIGs, evaluating test results, preparing, and reviewing POA&Ms, and providing remediation options for vulnerabilities. All vulnerabilities shall be identified in the Security POA&M. Other duties as assigned Qualifications BA/BS degree from an accredited college or university; MA/MS degree preferred. At least ten (10) years of professional experience including at least six (6) years of specialized experience on high visible or mission critical projects within DoD. Experience with Navy or Marine Corps programs preferred. Proven ability to work on high visible or mission critical aspects of a given program and performs all functional duties independently. Ability to manage the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific task. Intermediate to advanced level skills in Microsoft Office software suite - Word, Excel, Outlook, PowerPoint. Ability to communicate effectively with all levels of employees, Government personnel, and other stakeholders. Strong interpersonal skills, good judgment, and the ability to lead a team or perform independently.

SECURITY CLEARANCE REQUIREMENTS

Must be able to maintain a security clearance at the Secret level. US Citizenship is a requirement for Secret clearance at this location.

Physical Demands:

Must be able to lift up to 15-25 pounds Must be able to stand and walk for prolonged amounts of time Must be able to twist, bend and squat periodically #LI-JR1 Applicants may be subject to a pre-employment drug & alcohol screening and/or random drug screen, and must follow UIC's Non-DOT Drug & Alcohol Testing Program requirements. If the position requires, an applicant must pass a pre-employment criminal background history check. All post-secondary education listed on the applicant's resume/application may be subject to verification. Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver license for this position and will be subject to verification. In addition, the applicant must pass an in-house, online, driving course to be authorized to drive for company purposes. UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/D/V. In furtherance, pursuant to The Alaska Native Claims Settlement Act 43 U.S.C. Sec. 1601 et seq., and federal contractual requirements, UIC and its subsidiaries may legally grant certain preference in employment opportunities to UIC Shareholders and their Descendants, based on the provisions contained within The Alaska Native Claims Settlement Act. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities. Please view Equal Employment Opportunity postershere (https://www.eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf) . All candidates must apply online at www.uicalaska.com , and submit a completed application for all positions they wish to be considered. Once the employment application has been completed and submitted, any changes to the application after submission may not be reviewed. Please contact a UIC HR Recruiter if you have made a significant change to your application. In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance www.uicalaska.com/careers/recruitment/ . The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c) UIC Government Services (UICGS / Bowhead) provides innovative business solutions to federal and commercial customers in the areas of engineering, maintenance services, information technology, program support, logistics/base support, and procurement. Collectively, the fast-growing Bowhead Family of Companies offers a breadth of services which are performed with a focus on quality results. Headquartered in Springfield, VA, we are a fast-growing, multi-million-dollar company recognized as a top Alaska Native Corporation providing services across the Department of Defense and many federal agencies. Bowhead offers competitive benefits including medical, dental, vision, life insurance, accidental death and dismemberment, short/long-term disability, and 401(k) retirement plans as well as a paid time off programs for eligible full-time employees. Eligible part-time employees are able to participate in the 401(k) retirement plans and state or contract required paid time off programs. Join our Talent Community! Join our Talent Community (https://talentconnect.uicalaska.com/government-services/talentcommunity) to receive updates on new opportunities and future events.

ID 2026-25244

Category Cybersecurity/Information Security Location :

Location US-VA-Stafford Minimum Clearance Required Secret Travel Requirement Less than 10%