Cybersecurity Risk Analyst

As a Cybersecurity Risk Analyst at Amentum, key responsibilities include developing Assessment and Authorization packages, overseeing cybersecurity change management, producing vital cybersecurity documentation like System Security Plans, conducting cyber assessments, and leading discussions around data compliance. You'll also assist system administrators and brief executive management on risk matters, ensuring that cybersecurity policies are well-crafted and in compliance with required regulations.

To apply for the Cybersecurity Risk Analyst position at Amentum, you must be a U.S. Citizen with a Bachelor’s degree in IT, Cybersecurity, or a related field. You'll also need at least five years of experience in performing cybersecurity assessments, including three years in IT risk management. Additional certifications such as CompTIA Security+, CISSP, or equivalent are required, alongside familiarity with tools like Nessus and Microsoft Azure.

Success as a Cybersecurity Risk Analyst at Amentum hinges on several key skills, including regulatory comprehension, strong analytical and communication skills, and a solid understanding of risk management practices. Experience with cybersecurity assessments and the ability to translate technical details for broader audiences, including executive management, is crucial for this role.

Yes! The Cybersecurity Risk Analyst role at Amentum is fully remote-telework, allowing you the flexibility to excel in your position from anywhere within the U.S. You'll be connected with teams and stakeholders through collaborative tools while enjoying the benefits of a remote workplace.

Advancing your career as a Cybersecurity Risk Analyst at Amentum can be achieved through continuous professional development, obtaining additional relevant certifications, and actively participating in cross-functional projects. Engaging with colleagues, expanding your skill set in emerging technologies, and showcasing your contributions to cybersecurity compliance and risk mitigation can help position you for future leadership opportunities.

In developing an Assessment and Authorization package, it’s essential to understand the system's security requirements and operational environment. You'll begin by documenting the system’s architecture, identifying the security controls in place, and conducting a thorough assessment to ensure compliance with regulations. It's important to describe how controls mitigate risks and detail any remaining vulnerabilities. Presenting this information clearly will be crucial during the submission and review process.

Staying updated with cybersecurity regulations requires a proactive approach. I regularly follow industry news, join professional organizations, participate in webinars, and engage with cybersecurity forums. I also review newsletters from trusted sources such as NIST and DFARS. Continuous learning helps me ensure that my knowledge is current and that I can effectively advise on compliance matters.

I'm experienced with a range of cybersecurity tools including Nessus for vulnerability scanning, Microsoft Defender for endpoint security, and Palo Alto firewalls for network protection. Additionally, I have proficiency with Microsoft Azure services, which are critical for compliance and security assessments in cloud environments. Discussing specific use cases in past projects can demonstrate my hands-on experience with these platforms during the interview.

My approach to risk management in cybersecurity involves a systematic assessment of potential vulnerabilities, evaluating the impact and likelihood of threats, and developing a prioritized action plan for mitigation. Collaboration with technical teams is crucial for implementing security controls effectively, and continuous monitoring of the system ensures that new threats are addressed promptly.

Documentation of cybersecurity processes and procedures involves creating clear, concise, and accessible materials that outline each step in detail. I typically start with a template for consistency, ensuring that I include objectives, the scope of the procedure, roles involved, and any references to compliance standards. Regular reviews and updates keep the documentation relevant and useful for training new team members.

During a previous engagement, I led a comprehensive cybersecurity assessment of our network infrastructure. I gathered a cross-functional team to identify possible vulnerabilities, executed tests to assess compliance with our established baseline, and documented the findings in a detailed report. This experience honed my skills in stakeholder engagement and cemented a culture of collaboration in addressing cybersecurity challenges.

I tailor my communication style when discussing complex security matters with non-technical stakeholders by avoiding jargon and focusing on the implications and benefits of cybersecurity initiatives. By using analogies and real-world examples, I can explain technical concepts clearly, ensuring that everyone understands the importance and necessity of our cybersecurity measures.

I've had significant experience leading discussions concerning compliance and risk management. I facilitate meetings with both technical teams and executive stakeholders to present the current risk landscape, discuss mitigation strategies, and answer any questions. My goal is to create a shared understanding so that we can collectively address compliance requirements and enhance our cybersecurity posture.

When managing multiple cybersecurity projects, I prioritize tasks based on their urgency and impact on our overall security objectives. I utilize project management tools to track deadlines, milestones, and resources. Regular check-ins with team members ensure alignment on priorities, allowing us to adapt as necessary while maintaining focus on high-impact tasks.

I have a solid background in consulting with executive management regarding compliance issues. I believe it’s crucial to present data-driven insights and recommendations clearly and succinctly. In my previous role, I prepared executive briefs on compliance risks and mitigation strategies, which played a pivotal role in securing approval for new cybersecurity initiatives.