Senior Cybersecurity Analyst

Aerstone seeks a Senior Cybersecurity Analyst to lead independent assessments of customer security controls based on the NIST Risk Management Framework (RMF). Assessed boundaries vary and typically include applications, cloud systems, general support systems, infrastructure, service delivery offerings, and other enterprise information systems.

Quest Consultants LLC DBA Aerstone is a cybersecurity firm based in the D.C area that supports a work-from-home model with team members based anywhere in the United States.  The majority of engagements are remote-based and anticipated travel is estimated at less than 20%.

The ideal candidate will have the ability to blend technical, organizational, business, and cyber security skillsets to lead security control assessments. Duties will include:

• Project planning


• Coordination with customers and peers


• Review of system security plans and related documentation


• Interviewing subject matter experts and other key personnel


• Performing in-depth risk analysis


• Reporting

The successful candidate will possess:

• 7+ years of experience working with security related concepts across different system tiers including applications, operating systems, databases, network infrastructure, and cloud services


• Experience with risk-based control assessment methodologies, including risk identification (threats sources and threat events), risk analysis (likelihoods and impacts), evaluation, and remediation


• Excellent writing skills and reporting capabilities.


• CISSP certified or the ability to work towards obtaining the certification


• Demonstrated ability to lead multiple projects simultaneously and to work in a highly dynamic, rapidly changing environment


• Knowledge of threat modeling techniques and methodologies


• Experience developing assessment reports that effectively and concisely communicate results and risks to a variety of stakeholders


• Excellent interpersonal, communication (written and verbal), organizational, and analytical skills


• Excellent consultative skills and the proven ability to work effectively with business partners, internal management and staff, vendors and consultants


• Proven ability to communicate technical issues to technical and non-technical business partners


• Experience preparing and leading assessment interviews of highly-technical information systems


• Strong attention to detail, both in reviewing system documentation and creating reports


• Experience leading or assisting with security risk assessments or cyber security related initiatives/projects


• Strong project management skills with experience managing a portfolio of engagements


• Demonstrated ability to serve as risk assessment subject matter expert (SME)

Preferred skills and knowledge:

• 7+ years of experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols


• Expert knowledge of NIST SP 800-53 Rev 4 and experience executing assessments against it


• Subject matter expertise of one or more industry risk management frameworks, such as NIST SP 800-30, NIST SP 800-39, ISO 27005/31000, CMMC, & PCI


• Familiarity with cloud platforms and the customer shared responsibility model


• Familiarity with FISMA, FedRAMP, and NIST SP 800-series publications


• Experience assessing cloud-based information systems


• Strong technical experience, including reporting and representing findings from technical tests


• Experience with MS Project or other project management tools

Other tasks may include:

• Representing the company in formal customer interactions


• Coordinating with other cybersecurity teams as necessary


• Performing other duties as assigned
  

Years of Experience Required: 7+ years

Education Requirements: Bachelor’s degree

Clearance Requirements: Ability to gain and maintain an agency public trust clearance.  TS clearance a plus.

Desired Certifications:

CISSP, CISA, PMP, and/or CySA+ certifications

PCI QSA certification a plus

Cloud Certifications of Note:

CCSP (ISC2), CCSK or CCAK (CSA), AWS Cloud Practitioner, MS Azure Fundamentals

About Aerstone

Aerstone is a Service-Disabled Veteran-Owned Small Business (SDVOSB) with office locations in Maryland and Northern Virginia. Aerstone provides work from home opportunities, excellent health benefits, and certification & training opportunities for its employees.

EEOC:

Equal Employment Opportunity has been, and will continue to be, a fundamental principle at Aerstone, where employment is based upon personal capabilities and qualifications without discrimination because of race, color, religion, sex, age, national origin, familial status, disability, veteran status, sexual orientation, health/genetic information, or any other protected characteristic as established by law.

In compliance with federal EEOC regulations, the selected employee will work on a cleared contract and therefore be required to hold U.S. citizenship.