Senior Cybersecurity Analyst

Senior Cybersecurity Analyst at Aerstone Senior Cybersecurity Analyst at Aerstone in Cambridge, Massachusetts Posted in 11 days ago.

Type:

full-time

Job Description:

Aerstone seeks a Senior Cybersecurity Analyst to lead independent assessments of customer security controls based on the NIST Risk Management Framework (RMF). Assessed boundaries vary and typically include applications, cloud systems, general support systems, infrastructure, service delivery offerings, and other enterprise information systems.

Quest Consultants LLC DBA Aerstone is a cybersecurity firm based in the D.C area that supports a work-from-home model with team members based anywhere in the United States. The majority of engagements are remote-based and anticipated travel is estimated at less than 20%.The ideal candidate will have the ability to blend technical, organizational, business, and cyber security skillsets to lead security control assessments.

Duties will include:

Project planningCoordination with customers and peersReview of system security plans and related documentationInterviewing subject matter experts and other key personnelPerforming in-depth risk analysisReportingThe successful candidate will possess:7+ years of experience working with security related concepts across different system tiers including applications, operating systems, databases, network infrastructure, and cloud servicesExperience with risk-based control assessment methodologies, including risk identification (threats sources and threat events), risk analysis (likelihoods and impacts), evaluation, and remediationExcellent writing skills and reporting capabilities.

CISSP certified or the ability to work towards obtaining the certificationDemonstrated ability to lead multiple projects simultaneously and to work in a highly dynamic, rapidly changing environmentKnowledge of threat modeling techniques and methodologiesExperience developing assessment reports that effectively and concisely communicate results and risks to a variety of stakeholdersExcellent interpersonal, communication (written and verbal), organizational, and analytical skillsExcellent consultative skills and the proven ability to work effectively with business partners, internal management and staff, vendors and consultantsProven ability to communicate technical issues to technical and non-technical business partnersExperience preparing and leading assessment interviews of highly-technical information systemsStrong attention to detail, both in reviewing system documentation and creating reportsExperience leading or assisting with security risk assessments or cyber security related initiatives/projectsStrong project management skills with experience managing a portfolio of engagementsDemonstrated ability to serve as risk assessment subject matter expert (SME) Preferred skills and knowledge:7+ years of experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocolsExpert knowledge of

NIST SP 800-53

Rev 4 and experience executing assessments against itSubject matter expertise of one or more industry risk management frameworks, such as

NIST SP 800-30, NIST SP 800-39, ISO

27005/31000, CMMC, & PCIFamiliarity with cloud platforms and the customer shared responsibility modelFamiliarity with FISMA, FedRAMP, and NIST SP 800-series publicationsExperience assessing cloud-based information systemsStrong technical experience, including reporting and representing findings from technical testsExperience with MS Project or other project management toolsOther tasks may include:

Representing the company in formal customer interactionsCoordinating with other cybersecurity teams as necessaryPerforming other duties as assigned

Years of Experience Required:

7+ years

Education Requirements:

Bachelors degree

Clearance Requirements:

Ability to gain and maintain an agency public trust clearance. TS clearance a plus.

Desired Certifications:

CISSP, CISA, PMP, and/or CySA+ certificationsPCI QSA certification a plus

Cloud Certifications of Note:

CCSP (ISC2), CCSK or CCAK (CSA), AWS Cloud Practitioner, MS Azure FundamentalsAbout AerstoneAerstone is a Service-Disabled Veteran-Owned Small Business (SDVOSB) with office locations in Maryland and Northern Virginia. Aerstone provides work from home opportunities, excellent health benefits, and certification & training opportunities for its employees.

EEOC:

Equal Employment Opportunity has been, and will continue to be, a fundamental principle at Aerstone, where employment is based upon personal capabilities and qualifications without discrimination because of race, color, religion, sex, age, national origin, familial status, disability, veteran status, sexual orientation, health/genetic information, or any other protected characteristic as established by law.

In compliance with federal EEOC regulations, the selected employee will work on a cleared contract and therefore be required to hold U.S. citizenship. recblid 15hstqdlq72pjurvhij3dfixx4lqp8