BAM Technologies, LLC
Cybersecurity Analyst
BAM Technologies, LLCUnited States2 days ago
Full-timeRemote FriendlyInformation Technology
Cybersecurity AnalystBAM is a dynamic, multi-disciplinary firm with leading-edge skills in information technology, software development and applied research. Serving government and commercial markets, BAM is committed to its customers and to delivering strong leadership, sound solutions, and innovative thinking. The Cybersecurity Analyst is responsible for protecting BAM’s assets by identifying, analyzing, and mitigating cyber threats. This role involves a combination of technical skills, security- focused thinking, and collaboration with members of the Cybersecurity Engineering team, Developers and Operations personnel. The Cybersecurity Analyst proactively monitors security systems for vulnerabilities and isolated incidents. Prospective employees should have a strong understanding of cyber security principles, best practices, and communication with technical and non-technical stakeholders.Requirements: Essential Job Functions
  • Develop and update security authorization packages and relevant documentation, including the System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan and others as necessary.
  • Contribute to the development and maintenance of security policies, standards, and procedures to ensure a strong security posture.
  • Ensure documentation is up-to-date and reflects current best practices.
  • Support compliance efforts by conducting security audits, gathering evidence, and preparing reports to demonstrate adherence to industry standards and regulations.
  • Assist with the development and implementation of compliance frameworks.
  • Work closely with the Cyber Engineer, development, operations, and compliance teams to integrate security best practices into applications, infrastructure, and business processes. Communicate effectively with both technical and non-technical stakeholders.
  • Provide regular reports on security posture, incident response activities, vulnerability management progress, and other key metrics to management.
  • Monitor security tools and logs for suspicious activity, investigate security alerts, and participate in incident response efforts, including containment, eradication, and recovery.
  • Contribute to post-incident analysis to identify lessons learned and improve future response strategies.
Qualifications:
  • Bachelor’s degree in Computer Science/Cybersecurity or relevant field
  • 4+ experience in developing and implementing systems information security standards and procedures in the DoD enterprise and cloud environments (GovCLoud, IL4/IL5)
  • Proven expertise with DISA STIGs, NIST SP 800-53 security controls, and the DoD Risk Management Framework (RMF)
  • Familiarity with securing CI/CD pipelines
  • Familiarity with DevSecOps software factories
  • Familiarity with cloud and container security
  • Security+ Certification or other IAT Level II certification
Skills:
  • Vulnerability management and analysis expertise
  • Experience contributing to DevSecOps teams
  • Experience in a Secure Software Development Lifecycle environment
  • Knowledge of analyzing source code (SAST/SCA)
  • Secure Software Design and Implementation
  • Demonstrated proficiency in reading comprehension by distilling complex technical information into clear, concise, and actionable content
  • Strong writing skills with experience drafting executive summaries, leadership reports, and technical documentation tailored to both technical and non-technical audiences
Preferred Skills (not mandatory but a plus):
  • Amazon Web Services (AWS)
  • Familiarity with Agile development (Scrum/Large-Scale Scrum)
  • Experience with a SIEM to monitor application and infrastructure security
This is a remote work position.MC&FP

Key Skills

Ranked by relevance
Apply