Cybersecurity Risk Analyst

Amentum seeks a Cybersecurity Risk Analyst.

Amentum is a global leader in advanced engineering and innovative technology solutions, trusted by the United States and its allies to address their most significant and complex challenges in science, security and sustainability. Headquartered in Virginia, we have more than 53,000 employees in approximately 80 countries across all 7 continents.

The Cybersecurity Risk Analyst role is a remote-telework position that supports our governance, risk, information assurance. and compliance (R&C) arm of the cybersecurity team.  This role supports Amentum’s data protection requirements through the assessment of controls and working with teams through the mitigation process. Qualified candidates will need a versatile skill set that emphasizes regulatory comprehension, technology, effective collaboration, critical thinking, analytical prowess, risk management, and strong communications skills. US Citizenship is required to apply. This is a remote-telework role.

Essential Responsibilities:

• Develop Assessment and Authorization (A&A) packages for various systems.
• Oversee cybersecurity change management and end user support for compliance and risk.
• Craft, validate, and document necessary cybersecurity information such as System Security Plan (SSP), Privacy Impact Assessment (PIA), Configuration Management Plan (CMP), Plan of Action and Milestones (POA&M), and Standard Operating Procedures (SOP) as necessary.
• Perform cyber assessments and audits as directed.
• Lead discussions with various teams, both internal and external, around data compliance and risk efforts.
• Provide expertise to system administrators, engineers, and Information System Security Manager (ISSM) to create or update system/site policies, procedures, and process guides.
• Consult with and brief executive management on compliance and risk matters.
• Create, maintain, and provide metrics and status reports to cybersecurity leadership.
• Travel up to 25%.
• Perform all other position related duties as assigned or requested.

Knowledge, Skills, and Abilities:

• Demonstrated experience in technology assessments, handling multiple assignments and finding mutually acceptable solutions to security problems, preferably within the defense or government contracting industry
• Demonstrated experience recommending and devising cybersecurity controls to mitigate risk
• Demonstrated experience in policy research and applying it to developing policies and procedures related to cybersecurity technology
• Knowledge of DFARS and NIST publications and their relevancy to compliance and risk.
• Demonstrable strong written and verbal communications.

Minimum Qualifications:

• Must be a U.S. Citizen
• Bachelor’s degree in IT, Cybersecurity, or a related field. Two years in related field can be substituted for each year of the four years of college.
• Minimum of five (5) years of experience in performing cybersecurity assessments to include three years of hands-on experience in IT risk management or three years of cybersecurity in Federal Government environments
• Certification of one of the following:

• CompTIA Network+, Security+ certified or equivalent
• CISSP
• Microsoft Azure Security Engineer Associate certified or equivalent

• Experience with common cybersecurity tools and platforms such as Nessus, Microsoft GCCH / O365, Microsoft Azure Gov, Microsoft Defender, Fireeye products, email protection platforms, and Palo Alto products.
• Ability to read, understand, and document network infrastructure in logical diagrams, data flow diagrams, security boundaries.

Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran’s status, ancestry, sexual orientation, gender identity, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal EEO laws and supplemental language at EEO including Disability/Protected Veterans and Labor Laws Posters.