Cyber Security Analyst

MANTECH seeks a motivated, career and customer-oriented Cybersecurity Analyst to join our team in Virginia Beach, VA. This is a full time, hybrid position. 

As a Cybersecurity Analyst you will provide direct support to the Advance Electronic Systems (AES) team and its customers in support of Risk Management Framework (RMF) activities. This hybrid role combines hands-on system administration (implementation, deployment, and operations) with ISSO responsibilities, including security control implementation, continuous monitoring, and RMF compliance. You will serve as the point of contact for all IT and cybersecurity related matters, including system configuration, deployment, security control implementation, and compliance activities. 

Responsibilities include, but are not limited to:  

• Prepare for Risk Management Framework (RMF) execution and perform system categorization by conducting comprehensive mission analysis, defining the authorization boundary with detailed network diagrams, hardware/software inventories, and data flow documentation. Determine mission criticality and apply relevant overlays to establish the appropriate security control baseline per NIST SP 800-53 Rev 5 and DoD/Navy policy. 

• Select, tailor, implement, and test security controls using DISA STIGs, SRGs, SCAP, ACAS/Nessus vulnerability scans, and NIST SP 800-53A Assessment Procedures. Execute full-scope testing, validate configurations and access controls, and document implementation status, test results, and evidence in eMASS. 

• Assess the effectiveness of security controls by verifying Assessment Procedures across the authorization boundary. Conduct independent testing, document findings in eMASS, and manage POA&M entries with complete risk analysis. 

• Support system authorization by maintaining a complete and accurate RMF package in eMASS, including the SSP, POA&M, and supporting documentation. Coordinate workflow actions for Authorizing Official decision-making. 

• Conduct continuous monitoring by implementing the System Level Continuous Monitoring (SLCM) Strategy. Perform quarterly vulnerability scans, apply STIG updates, conduct Annual Security Reviews (ASRs), and update the SSP and POA&M to reflect changes in risk posture. 

• Provide guidance on RMF compliance, risk management, and security strategies across all RMF steps. Advise leadership on emerging threats, control gaps, and mitigation priorities 

• Execute the full System Development Life Cycle (SDLC) from initial receipt of hardware/software through decommissioning. Plan system requirements by analyzing mission needs, hull-type variants, and RMF constraints; help define acceptance criteria and configuration baselines. 

• Design tailored system architectures and Secure Host Baseline (SHB) images using Microsoft Deployment Toolkit (MDT), Windows Assessment and Deployment Kit (ADK), and Group Policy. Develop PowerShell automation for naming conventions, policy enforcement, and post-build validation scripts to meet platform-specific requirements. 

• Deploy configured systems to operational units with high-reliability handoff. Create deployment media, coordinate imaging operations, provide on-site or remote deployment support, and perform post-deployment validation to ensure operational readiness and mission continuity. 

• Operate and maintain systems in steady-state. Perform ACAS/Nessus scanning, patch management, trouble ticket resolution, and vendor coordination. Update Standard Operating Procedures (SOPs), Fleet Advisory Messages (FAM), and lessons learned. 

• Retire and decommission systems at end-of-life. Execute data sanitization per DoD 5220.22-M, hardware disposition, and documentation closeout. 

Minimum Qualifications:  

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Information Systems, or related field or 4 years of additional Cyber Security experience in leu of degree 

• 2+ years of combined experience in RMF processes and secure system implementation and maintenance in DoD environments

• Security+ CE certification with documented ACAS and eMASS training

• Hands-on experience with eMASS for RMF package management, POA&M maintenance, and risk assessment. 

• Proficiency with ACAS/Nessus vulnerability scanning, analysis, and remediation of findings from DISA STIGs, SRGs, and SCAP 

• Proficient in Microsoft Office Suite (Word, Excel, PowerPoint, Teams, SharePoint). 

Preferred Qualifications:  

• Familiarity with network topology documentation in air-gapped environments

• 1+ year executing full SDLC in DoD environments

• Certified in Governance, Risk and Compliance (CGRC), CompTIA SecurityX, Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP) (or Associate)

• Knowledge of Operational Technology (OT) systems and RMF application in OT environments

Clearance Requirements: 

• Must be US Citizen and hold an active Secret Security Clearance 

Physical Requirements:  

• Must be able to remain in a stationary position 50%. 

• Often positions self to maintain computers in the lab, including under the desks and in the server closet. 

• May be asked to move Audio/Visual or Computer equipment. 

• Frequently communicates with co-workers, management, and customers, which may involve delivering presentations.