Chenega Corporation Jobs

Job Information

Chenega Corporation Cyber Security Analyst in Alexandria, Virginia


Remote 2 days a week. Could got back to no telework after Covid.

The Cyber Security Analyst will provide expert consultation across a wide range of cross-functional areas of Cybersecurity (CS) services. The Cyber Security Analyst will provide project planning, guidance, and technical expertise in the following areas: program, policy, process, and planning, risk management, auditing, and assessments, Assessment and Authorization (A&A), and quality planning and control of all products.


  • Create security engineering data flow designs supporting all aspect of Information Assurance and Information Security (InfoSec).

  • Assess and provide mitigation plan for system security threats/risks throughout the program life cycle and validate system security requirements definition and analysis

  • Proficiently manage and enforce security strategies and policies.

  • Assist with development and maintain Operational Level Agreements (OLAs) and end-to-end Standard Operating Procedures (SOPs), to identify collaborative responsibilities and support process interaction with other government and contractor IT groups.

  • Develop and maintain a detailed policy matrix mapping federal, DoD, and local policies to the required security controls as identified by National Institute of Standards and Technology (NIST) SP 800-53 and DoDI 8510.01.

  • Documents include but are not limited to:

  • Standard Operating Procedures (SOPs)

  • Agency Training (e.g., cyber awareness, computer incidents, malicious codes, etc.)

  • Contingency Plan

  • Security Assessment Report (SAR)

  • Cybersecurity Instruction

  • Concept of Operations (CONOPS)

  • Incident Response Plan (IRP)

  • Configuration Management Plan (CMP)

  • System Authorization Access Request (SAAR)

  • Vulnerability Management Plan

  • System Security Plans (SSP)

  • Plan of Actions and Milestones (POAMs)

  • Administer CS training, including the annual Cyber Awareness Challenge training per DoDD 8500.1 and compliance with the requirements of DoDD 8570.1 and DoD 8570-M for the IA Workforce Improvement Program (WIP).

  • Provide operational risk management support for CS managed systems, whether networked or standalone.

  • The networks include varying security classifications, architectures, mobile devices, Virtual Private Networks (VPNs), and other remote access architectures and technologies, including Secure Socket Layer.

  • Provide CS’s portion of the Tier 3 Computer Network Defense (CND) services in accordance with DoDI O-8530.2, CJCSI 6510.01E, and CJCSM 6510.01.

  • Support enterprise level Information Assurance Vulnerability Management (IAVM) and DoD Reporting Management and Support, including vulnerability management oversight activities for all assets in the “Test” and “Production” enclaves and all standalone systems.

  • Participate in the CS change management process, including attending the weekly Enterprise Change Control Board (ECCB) meetings, reviewing Requests for Change (RFCs) distributed in email, and performing risk assessments on hardware and software.

  • Evaluate all newly deployed servers and applications in the “Test” and “Production” enclaves and verify that the asset entries have been created in the DoD DPMS and ensure vulnerabilities have been mitigated and STIGs have been applied.

  • Review applications by performing an automated and/or manual scan of the application code and report findings in the application code scan to the SA for developer or remediation.

  • Plan and execute compliance and Assessment and Authorization (A&A) activities in support of CIO’s role as AO for client and its subcomponents, including the following tasks:

  • Perform system registration in eMASS on behalf of the system owner.

  • Perform system registration in DITPR on behalf of the system owner.

  • Update eMASS with IA Controls on behalf of the system owner.

  • Update eMASS POA & M information when required on behalf of the system owner.

  • Test and Validate NIST 800 53 rev 4 Security Controls.

  • Provide support to the DoD Risk Management Framework (RMF) for all Information Systems (IS), enclaves, and application systems under the purview of the CIO per DoDI 8510.01.

  • Other duties as assigned


  • Bachelor's degree required

  • Degree in Computer Science, Cyber Security, or a related field is preferred

  • 10+ years of demonstrated experience in Information Technology (IT) with at least 5 of those 10 years managing IT projects or programs focused on interpreting and applying DoD Cybersecurity (CS) policy and guidance to operational DoD IT environments

  • Experience in at least 8 of the following 15 areas of expertise:

  1. Current Microsoft server and workstation OS security configurations

  2. Current Red Hat Linux Enterprise OS security configurations

  3. Current Unix OS security configurations

  4. Current Microsoft server and desktop application security

  5. VMWare security

  6. Database security (e.g., Oracle, MS SQL, MS Access)

  7. Border device security (e.g., firewall, VLANs, IP Subnetting, Ports and protocols)

  8. Encryption standards

  9. Vulnerability scanning using approved DoD scanner

  10. Application code scanning with Fortify or other industry standard product

  11. HBSS monitoring

  12. Auditing (e.g., system accounts, security logs, system and network anomalies)

  13. Working knowledge of DoD Components

  14. Metrics – capture and documentation

  15. Technical writing – technical documents and user training materials

  • Experience required includes the analysis, design, and implementation of security procedures of hardware and software on complex, large-scale systems in an enterprise environment

  • Average literacy with MS Office suite applications of Outlook, Word, Access, and PowerPoint

  • Proficiency with Excel to perform data evaluation, formulas, and analytics (e.g., able to transfer presentation graphics from Excel into PowerPoint or Word)

  • Must have and maintain: DoDD 8570.1/DoD 8570.01-M certification requirements for the IA Manager (IAM) Level II or DoDD 8570.1/DoD 8570.01-M certification requirements for IAT III

  • Secret clearance required

  • The position requires a COVID vaccination or an approved accommodation/exemption for a disability/medical condition or religious belief

Knowledge, Skills and Abilities

  • Knowledge and experience with current NIST Federal Information Processing Standards (FIPS) and Special Publications (SP): SP800-18, SP800-37, SP800-53, SP800-53A, SP800-60, FIPS-199, FIPS-201 and FIPS-140-2, DoDI 8510.01, and other DoD and IC policies and their application to enterprise IT security.

  • Knowledge and experience with federal and industry standard Cybersecurity Frameworks, like NIST, FEDRAMP, FISMA, GDPR, HIPPA, COBIT, CIS, and CISQ.

  • Able to provide integration of security requirements into customer process improvement efforts according to the security policy framework.

  • Knowledge of IT security strategy, cyber security, and compliance and risk management to include IT security.

  • Knowledge and experience in security testing and security management using tools, like NESSUS and HP Web Inspect.

  • Proficient knowledge of EMASS, SNAP, DITPR, PPSM, and other DoD authoritative databases.

  • Must have advanced working knowledge of a variety of computer software applications in word processing, spreadsheets, and database (MSWord, Excel, Access, PowerPoint, and Outlook).

#Chenega Decision Sciences, LLC

Chenega Corporation and family of companies is an EOE.

Equal Opportunity Employer/Veterans/Disabled

Native preference under PL 93-638.

We participate in the E-Verify Employment Verification Program