Applied Memetics LLC

  • Cyber Security Analyst, Senior (Access Control SME)

    Job Locations US-VA-Chantilly
    Job ID
    Information Technology
  • Overview

    The CRM Access Control SME position requires an in-depth knowledge of and experience with the Risk Management Framework (RMF) as described in NIST 800-37. The position is responsible for understanding, reviewing, and interpreting FISMA risk assessment results to reduce technical risks. The position is responsible for understanding the threat, vulnerability, and patch management processes, how to perform basic risk discovery, handling of common issue types, and reporting activities.


    • Requires frequent travel
    • Executing reviews of RMF Security Controls to ensure FISMA and NIST compliance
    • Provides information security technical expertise and matrix management to support the Department of Veterans Affairs (VA) Field Security Service (FSS) and Office of Cyber Security (OCS)
    • Support with the audits, risk assessment, operational assessment, data call, Assessment Authorization (A&As) including attending meetings, validating information, responding to data collection requests, responding to technical questions and achievement goals
    • Conducts audit to ensure processes & deliverable to the stakeholders meet the VA mission and objectives
    • Assists with the pre-IG audit with applying the VA Handbook 6500 Risk Management Framework at each to assess, document, and remediate information security issues prior to FISMA audits by the OIG, through working directly with VA FSS and OCS
    • Provides training and guidance to facility chief information officers (FCIOs), FSS Information Security Officers (ISOs), and their associated staff on enterprise best practices for identifying information system security weaknesses and creating workable Plans of Action and Milestones (POA&Ms) for assigned control family
    • Applies knowledge of security principles, policy and regulations to daily tasking.
    • Researches policies, procedures, standards, and guidance, and recommends needed changes under specific conditions for the protection of information and information systems
    • Experience with Cyber Security document management and familiarity with security and privacy rules


    • Bachelor’s Degree with five (5) or more years of experience in security field using RMF required in a security, computer science, or another related field or Master’s Degree in Business with 15+ years of relevant experience is a strong plus
    • For the Bachelor’s level, eight (8) years of additional, relevant experience may be substituted for education
    • For the Master’s level, 10 years of additional relevant experience may be substituted for education
    • Experience with Cyber Security Policy
    • Must be well versed in Cyber Security Tools, network topologies, intrusion detection, PKI, and secured networks
    • Must have familiarity and experience in the implementation of cyber security regulations.
    • Strong understanding of NIST 800 and VA Handbook 6500 Risk Management Framework
    • Must be a team player
    • Must be willing to take on other tasks as assigned
    • Proven experience executing assessment activities using RMF
    • Experience related to Application security, code security, vulnerability and risk assessments, security policy development and review, general IT and security controls development, compliance readiness (i.e. NIST 800- Series, DIACAP, FISMA, FedRAMP, FIPS) and technical security architecture/design/development/implementation
    • Experience performing vulnerability assessments and information security control audits
    • Familiarity with enforcing security policies and recommending revisions to policies to ensure proper IT security
    • Good understanding of security awareness training to users and IT Personnel and Business Continuity plans and processes
    • Excellent written and verbal communication skills
    • Experience with network and application security testing tools and scripting languages.
    • CISSP, CISA, GIAC, or Security+ certification a strong plus
    • Ability to effectively leverage vast detailed knowledge and familiarity with security control family disciplines
    • Ability to facilitate and coordinate efforts with key government and non-government stakeholders
    • Ability to work with minimal supervision
    • Ability to obtain a security clearance
    • Demonstrate strong quantitative, analytical and conceptual thinking skills
    • Must work well within a time-sensitive environment
    • Good leadership qualities to instruct and lead other analysts
    • Frequent travel required
    • Veterans Affairs experience and an active PIV card are a strong plus


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!