Senior Cyber Security Analyst
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
Your Role and Responsibilities
Octo, an IBM company, is an industry-leading, award-winning provider of technical solutions for the federal government. At Octo, we specialize in providing agile software engineering, user experience design, cloud services, and digital strategy services that address government's most pressing missions. Octo delivers intelligent solutions and rapid results, yielding lower costs and measurable outcomes.
Our team is what makes Octo great. At Octo you'll work beside some of the smartest and most accomplished staff you'll find in your career. Octo offers fantastic benefits and an amazing workplace culture where you will feel valued while you perform mission critical work for our government. Voted one of the region’s best places to work multiple times, Octo is an employer of choice!
Senior Cyber Security Analyst
Octo, an IBM company, is an industry-leading, award-winning provider of technology solutions for the federal government. At Octo, we specialize in providing agile software engineering, user experience design, cloud services, and digital strategy services that address the government's most pressing missions. Octo delivers intelligent solutions and rapid results, yielding lower costs and measurable outcomes.
Our team is what makes Octo great. At Octo, you'll work beside some of the smartest and most accomplished staff you'll find in your career. Octo offers fantastic benefits and an amazing workplace culture where you will feel valued while you perform mission-critical work for our government. Voted one of the region’s best places to work multiple times, Octo is an employer of choice!
As a Senior Cyber Security Analyst at Octo, you will join an Agile development program in support of the development of a new high-priority, mission-critical application at the General Services Administration (GSA). This individual will work with other cybersecurity specialists and analysts to support delivering and sustaining reliable, scalable, and high-performance applications. This cross-functional role will work closely with development team members and various GSA and external stakeholders, including many at the leadership level. They will apply their skills and experience to provide the support and expertise needed to get cloud-based applications to GSA customers and keep them compliant with Federal and GSA security requirements.
We were founded as a fresh alternative in the Government Consulting Community and are dedicated to the belief that results are a product of analytical thinking and agile design principles and that solutions are built in collaboration with, not for, our customers. This mantra drives us to succeed and act as true partners in advancing our client’s missions.
This program will support the GSA Information Technology mission, providing development and operational support for new and existing legacy mission-enabling applications. Your team on the program will have a direct say in your participation in the design and implementation of a mission-critical application that integrates with other GSA systems and impacts GSA employees and public users, starting at the design phase to include the development, implementation, and maintenance of a technology roadmap. We are digitizing information and processes for improved implementation, leveraging modern tools and low code/no code for reusability and faster delivery.
Support the daily cross-functional operational readiness of GSA’s shared Salesforce.com platform and other Low-code/no-code environments.
Applies experience and knowledge of NIST Risk Management Framework (RMF) and how Federal agencies apply this to secure their information systems.
Applies experience and knowledge with the Assessment and Authorization (A&A) process, including Authority To Operate (ATO) packages and their alignment with RMF processes.
Coordinates FedRAMP authorization on behalf of GSA, including intake, kickoff, Work Breakdown Structure (WBS), remediation, and Authority to Operate (ATO).
Builds out Implementation Plan, Security Test Results, and Evidence management.
Responsible for Plan of Action and Milestone (POA&M) development, which includes any necessary remediation.
Drafts Standard Operating Procedures (SOPs) for user account provisioning and end-user controls (GSA responsibility).
Updates technical security specs within the ATO packages to accurately reflect new information.
Supports Authorizing Official System Brief (AOSB) development regarding successes, POA&Ms, and all stakeholder input.
Coordinates Incident Response Plan (IRP), and Memorandum of Understanding/Information System Agreement (MOU/ISA) development, including all final signatures.
Facilitates (Incident Response Plan) IRP Tabletop exercises.
Ensures detailed and efficient hand-off to the Implementation team.
Works to maintain compliance for SaaS Systems in Continuous Monitoring (RMF Step 6) through reauthorization (RMF 1-5) prior to the Authorization Termination Date (ATD).
Continuously maintains the GSA’s ATO security controls.
Tracks document expiration. Identifies items approaching expiration and proactively works to complete new versions of those documents and upload them as artifacts.
Completes POA&M remediation actions and updates.
Creates monthly POA&Ms for each ATO package to reflect the status of monthly vulnerability scans conducted by Vendor and GSA-responsible controls.
Implement Annual Assessment SOP requirements, validate prescribed controls, and update reauthorization annually.
Supports Authorizing Official System Brief (AOSB) development regarding successes, POA&Ms, and all stakeholder input to the system going up for reauthorization.
Experience in Agile methodologies with an emphasis on testing practice.
Ability to communicate in a clear and concise manner.
Ability to take initiative on assigned projects/tasks and work with minimal supervision.
Partner cross-functionally on platform innovation and DevOps maturity.
Collaborating with internal and client staff in identifying, planning, executing, tracking, and reporting all activities for security and compliance-related activities.
Years of Experience: 3+ years of related experience preferred. Education may be substituted for experience.
Education: BA/BS degree preferred or four years of equivalent applicable experience. or military experience.
Location: Remote within the United States.
Clearance: Ability to obtain a government clearance.
Required Technical and Professional Expertise
Must have at least 3 years of related cyber security experience, preferably for a Federal or government agency.
Strong conceptual understanding of how and when to apply NIST SP 800-53 (Revision 5) security controls for information systems.
Working knowledge of the software development life cycle (SDLC) for SaaS applications.
Excellent professional verbal and written communication and technical documentation skills.
Ability to read technical documentation and identify alignment and/or conflict with process requirements and policies. Ability to translate these findings into customer communications along with action items to resolve potential issues.
Ability to prioritize and work on multiple projects and initiatives simultaneously and adapt to changes in requirements, priorities, and deadlines.
Strong analytical and organizational skills, including strong attention to detail.
Strong interpersonal skills and ability to work collaboratively in a dynamic team environment.
Superb soft skills, including gaining the trust of stakeholders and senior management and negotiating priorities with external teams.
Must be able to use a computer.
Must be able to obtain a government security clearance.
Must be eligible to work in the United States.
Must have fast and reliable internet service that allows for effective telecommuting.
Clearance: Ability to obtain a government clearance.
Preferred Technical and Professional Expertise
Experience working with cybersecurity management tools.
Prefer industry-recognized certifications such as Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), or Certified Ethical Hacker (CEH).
Experience supporting GSA.
Experience working in the government sector.
SAFe Agile and QA Certifications
About Business Unit
Your Life @ IBM
Being an IBMer means you’ll be able to learn and develop yourself and your career, you’ll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background.
Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do.
Are you ready to be an IBMer?
Being You @ IBM