Cyber Security Analyst (Continuous Monitoring)

Jefferson City, MO, United States

Position Description:

Mathematica applies expertise at the intersection of data, methods, policy, and practice to improve well-being around the world. We collaborate closely with public- and private-sector partners to translate big questions into deep insights that improve programs, refine strategies, and enhance understanding. Our work yields actionable information to guide decisions in wide-ranging policy areas, from health, education, early childhood, and family support to nutrition, employment, disability, and international development. Mathematica offers our employees competitive salaries, and a comprehensive benefits package, as well as the advantages of being 100 percent employee owned. As an employee stock owner, you will experience financial benefits of ESOP holdings that have increased in tandem with the company’s growth and financial strength. You will also be part of an independent, employee-owned firm that is able to define and further our mission, enhance our quality and accountability, and steadily grow our financial strength. Learn more about our benefits here.

We are looking for a Cyber Security Analyst (Continuous Monitoring), who will be responsible for the ongoing monitoring of our organization's security controls and systems. This individual will also be responsible for monitoring and interfacing with internal and client project teams and agencies on the continuous monitoring activities for both FedRAMP and ATO systems. This role will play a crucial part in our cybersecurity strategy, ensuring that our defenses are always up-to-date and effective.

Responsibilities:

Regularly monitor and analyze the organization's security controls and systems to detect any anomalies or potential threats.

Responsible for compiling and submitting security authorization packages for 3PAO and Agency review and assessment in accordance with NIST 800-37 standards.

Prepare assessment and risk reports for government agency clients.

Work collaboratively with system owners and systems teams to respond to findings and identify and work with teams to remediate or document mitigating controls.

Conduct, evaluate and analyze vulnerability results, audit events and configuration deviations from approved tools and services.

Review documentation and artifacts presented by systems leads for accuracy and completeness.

Work with project teams to identify and document methods for improving the continuous monitoring process.

Maintain robust continuous monitoring programs utilizing guidance and compliance from NIST 800-37.

Maintain a solid understanding of the NIST Continuous Monitoring requirements and work with leadership on required updates to our processes and procedures.

Participate in monthly reviews with the larger security and compliance teams to validate that our planned and implemented security controls are aligned with the organizational risk tolerance.

Respond to security incidents promptly and manage the incident response process.

Generate regular reports on security status, incidents, and risks for management review.

Update the POA&M documentation along with any relevant artifacts and evidence required.

Risk Assessment: Conduct risk assessments and recommend mitigations to manage identified risks.

Assist in the development and updating of security policies and procedures.

Position Requirements:

A bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is required. A master's degree is preferred.**

Minimum of 3 years of experience in Compliance frameworks including NIST/FedRAMP and SOC2.

A combination of equivalent education and work experience may be substituted for the above requirement.

Experience with cloud security and cloud-based tools is a plus.

Experience participating in a Vulnerability Management program.

Familiarity with a Security Information and Event Management (SIEM) tool for querying data.

Familiarity with automation tools and techniques for security monitoring.

This position offers an anticipated annual base salary range of $75,000 - $100,000.

To apply, please submit a cover letter, resume, location preference, and salary expectations. To choose "remote" as your location, select "no preference."

As a federal government contractor, all staff working in our central ITS group with access to corporate computer systems are required to successfully undergo a background investigation and/or security clearance as a condition of employment.

/ STAFFING AGENCIES AND THIRD PARTY RECRUITERS:// Mathematica is not accepting candidates for this role or any technical role from staffing agencies or third party recruiters. Please do not contact technical or senior staff at Mathematica or share unsolicited resumes. All agency inquiries go through the talent acquisition team and will be routed accordingly. /

* *

Available Locations: Washington, DC; Princeton, NJ; remote

#remote-usa

#LI-NN1

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.