Native Hawaiian Veterans, LLC (NHV) is a tribally-owned business; an Underutilized Disadvantaged Business Enterprise (UDBE); and Minority Business Enterprise (MBE) that provides services, solutions, and products in the areas of Homeland Security, Emergency Management, Information Technology, Communication Equipment, Professional Staff Augmentation, Munitions and Explosives of Concern (MEC) Remediation, and Strategic Communications/Creative Services.

Cayuse and our family of companies are 100% Indian Small Business Economic Enterprises (ISBEE) wholly owned by the Confederated Tribes of the Umatilla Indian Reservation (CTUIR). Specifically, within our Government Operations, we offer diverse business lines and workforce while providing solutions for federal, state, and local clients throughout the world. Cayuse's comprehensive program management, mission support, and technology solutions are ideally positioned to help our clients advance their goals.

Primary Focus

Cayuse is seeking a Continuous Diagnostics and Mitigation (CDM) Vulnerability Analyst and Tanium SME to provide support to the Applied Cybersecurity initiative in the Department of State, Bureau of Diplomatic Security. This role encompasses two linked Cybersecurity responsibilities and a variety of information security expertise. This is a highly critical role in documenting the Bureau's Cybersecurity Posture.

Primarily the role will focus on developing CDM reporting and software for Department of State that coordinates with data already collected supporting the DHS CDM program. Candidate needs to have information security expertise, produce CDM reports to support vulnerability management described here, as well as Software Security analysis, meets the configuration standards. This hands-on position requires frequent interfacing with development and business teams to create documentation and training; translate policy requirements into day to day operational requirements; ensure compliance with federal regulations; and optimize current Cyber processes to ensure rapid adoption across bureaus and other entities within the Department.

Secondarily, one of the key sources of data for this position is data collected through Tanium. The Security analyst needs to use data from Tanium to identify and assess security risks, analyze security data, and develop and implement security strategies to protect an organization's technology infrastructure and data. Other sources of interest for this analysis include Microsoft MECM, MS Defender, Splunk.

The second part will include managing Tanium Endpoint Protection. This role requires experience with Tanium architecture, deployment methods, and Tanium appliances. Experience with distributing application and software packages using Tanium. Experience with software discovery and reporting using Tanium. Experience with systems administration, troubleshooting, installation, and configuration, monitoring system performance, or performing application upgrades, which includes either hands-on experience or managerial experience. Knowledge of Tanium module, including Asset, Comply, Connect, Deploy, Discover, and Patch. Ability to provide Tanium support in IT operations and maintenance, including ticketing, issue response, and remediation.

Responsibilities

Build a threat/situational awareness dashboard for senior executives to have access to CM data

Perform continuous monitoring activities

Understand and advise on vulnerabilities common to Bureau equipment

Upon identification of a vulnerability, advise on impact and on mitigation strategies, and track the follow-through to completion

Qualifications:

A Bachelors degree in a relevant field of study from a fully accredited institution. (Advanced degree preferred but not required)

Must have a minimum of 5 years of Cybersecurity experience (or less with a Masters degree)

Experience with vulnerability assessments, vulnerability management, and running dashboards

Flexibility and recognition that this is a fast-paced, changing environment

Strong communication, organizational, analytical, and problem-solving skills

Ability to support and manage multiple concurrent projects with shifting priorities in a fast-paced, deadline driven environment

Strong organizational skills

Ability to work in a team environment in support of the Bureau's mission

Mastery in use of personal computers with extensive experience using Microsoft Office Suite; familiarity with web-based applications including Microsoft Teams a plus

Top Secret Clearance

Duties

Leverage knowledge of U.S. federal government cyber mandates, directives, standards and industry best practices and threat intelligence in shaping Department policy.

Create or establish security standards/baselines for cloud-based platforms

Influence the Bureau Architecture with security processes and standards, creating data access and compliance dashboards.

Understand and track data dependencies and encryption policies at rest, in transit, how it's used in applications, including data retention and privacy policies with regard to PII collection.

Influence Security processes and standards to enhance, automate and monitor security controls in accordance with established Department guidelines

Influence a security baseline across platforms.

Evolve Bureau policies and practices to reflect changes in technical cyber threats.

Assist in the definition and maintenance of cybersecurity policies and standards.

Identify key cybersecurity controls required based on an understanding of the agency's cybersecurity risks and business objectives, and considering key threats, client requirements, regulatory requirements, and technology trends.

Work closely with the Government Clients and other Stakeholders to ensure collaboration and alignment.

Other duties as assigned.

Technical Skills: Knowledge, Skills and Abilities

Strong knowledge and understanding of information security legal and regulatory requirements a plus.

Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework a plus.

Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials a plus.

Knowledge of Department Foreign Affairs Manuals and Foreign Affairs Handbook (FAM/FAH) a plus.

Human Relationship Skills

Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards, and risk-related concepts to technical and nontechnical audiences at various hierarchical levels.

Sound knowledge of business management and information / cybersecurity policies and standards

Additional Abilities

Must be able to pass a background check and additional background checks as required by projects and/or clients at any time during employment.

Relationships

Reports to: Program Manager

Working Conditions

Normal physical conditions

General office environment

Must be able to sit for long periods of time looking at computer screen

May be asked to work a flexible schedule which may include holidays

May be asked to travel for business or professional development purposes

May be asked to work hours outside of normal business hours

Compensation

Comprehensive Benefits Program - Paid-Time-Off