Seeking top talent to join our growing Itility team. ITility is seeking a Senior Cyber Security Analyst to join our talented team members to provide overall support to the United States Military Entrance Processing Command (USMEPCOM) remotely but with occasional travel to Waukegan, IL in the Great Lakes area.

ITility is a Service Disabled Veteran Owned Small Business with a passion to equip our nation’s armed forces and first responders with the very best to empower their missions. From the virtual battlefield to boots on the ground, our people, processes, and performance drive our ability to help our clients protect what matters, now and for generations to come.  We provide enterprise IT support to USMEPCOM, a Major Command of the United States (U.S.) Department of Defense (DoD), which screens and processes applicants into the U.S. Armed Forces. USMEPCOM is the vital link between recruiting and training armed forces and operates 65 Military Entrance Processing Stations (MEPS) located throughout the U.S.

At ITility, we help our customers command the future by thinking beyond perceived limits to create new, unexpected ways to protect and defend our nation. We inspire and empower people to create significant solutions that secure what matters to our customers and communities, here and around the globe.

We Value:

• The Drive to Perform Beyond Perceived Limits.
• The Desire to Find Significance in All We Do.
• The Passion and Compassion That Powers Both.

Successful candidates will possess expert knowledge and in-depth experience with: 

• Application and system assessment, determination of accreditation requirements (Assess Only, ATO, IATT, etc.).
• Categorization of information systems and/or data types IAW NIST SP 800-60 Vol II.
• Establishment of Security Requirements Traceability Matrix which identifies applicable DISA STIGs and SRGs.
• Selection of security controls per NIST SP 800-53 and CNSSI 1253.
• Writing System Security Plan (SSP), associated security controls assessment artifacts, and PO&AMs.
• Assessing DISA STIGs and SRGs; especially the Application Security and Development (ASD) STIG.
• Management of security controls assessment artifacts in DoD eMASS in preparation of packages for RMF (DoDI 8510.01, NIST SP 800-37) processes.
• Evaluation of security controls per NIST SP 800-53A.
• Creating and submitting ATO packages in DoD eMASS.
• Performing continuous monitoring per NIST SP 800-137.
• Providing recommendations for security improvements including risk reduction and mitigations.
• The development and security of cloud-based applications and systems.
• Expert knowledge of secure software development practices.
• Deep understanding of cloud security best practices.
• Deep understanding of evolving attack vectors, scripting, and development skills.
• Experience with private or government cloud deployments and services, including AWS, Azure, GCP.

Required Qualifications include: 

• Current CISSP or equivalent DoD 8570 IAM II certification (or obtain within 6-months). 
• 10+ years’ experience assessing information systems utilizing the Risk Management Framework (RMF) and creating and submitting packages in DoD eMASS to obtain ATOs in a DoD environment.  
• 5+ years' experience performing STIG assessments.  
• 5+ years' experience assessing and/or securing cloud-based systems and infrastructure. 
• 5+ years' experience as an Application Developer or Server Administrator.  

ITility is committed to providing a work environment that is non-discriminatory, harassment free, fair, ethical and inclusive.

ITility is committed to the principle of equal employment opportunity, and complies with all applicable laws which prohibit discrimination and harassment in the workplace. ITility strictly prohibits discrimination or harassment based on race, color, religion, national origin, sex, age, disability or any other characteristic protected by law in all terms, conditions and privileges of employment, including without limitation, recruiting, hiring, assignment, compensation, promotion, discipline and termination. This policy covers conduct occurring at ITility’s offices, client sites, other locations where ITility is providing services, and to all work-related activities.