About S2:

S2 continuously optimizes cybersecurity for the modern, constant-threat landscape. Our centralized adversary simulation, detection and response platform, Mage, uses advanced tradecraft to provide continuous red team-as-a-service. With Mage, we find weaknesses before adversaries do, so that every threat is an opportunity for improvement. Deployed as-a-service, S2 makes advanced real-time cybersecurity accessible for all organizations. With smart automation and continuous testing, we help you focus on the most imminent and most critical risks to your enterprise.

S2 is focused solely on cybersecurity and specializes in Adversary Simulation, Protection and Prevention services. We were founded by cybersecurity experts trained by the National Security Agency (NSA) who were joined by senior cybersecurity entrepreneurs with proven expertise within the Federal Government. We are a growing community of cyber professionals seeking like-minded individuals who are passionate about cybersecurity, seek innovation in our everyday work, hold ourselves and those around us accountable, and have a will to win.

S2. Relentlessly secure.

Stage 2 Security (S2) is seeking an Information Assurance Analyst who has experience working with both Agile and Waterfall System Development Lifecycles (SDLC’s) and integrating RMF process into a Federal Information System. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market. 

Responsibilities: 

Responsible for supporting ISSO’s and System Owners supporting Zero Trust capability implementations with the following: 

•  Developing and maintaining System Security Plans (SSP). 

• Implementing and managing NIST 800-53 Rev. 5 or later Security Controls. 

• Developing and adding security controls for ZT capabilities to Common Control catalog 

• Supporting the SA&A process. 

• Supporting Continuous Monitoring activities. 

• Managing POA&Ms and developing remediation strategies. 

• Aligning systems activities to the NIST Cyber Security Framework (CSF). 

• Supporting the incident response process. 

• Identifying and supporting system Interconnection Security requirements. 

• Supporting audit logging review and remediation activities. 

• Providing OMB FISMA data. 

• Developing and documenting incident reporting procedures for service desk, admins, and security staff for incidents. 

Requirements:  

Must have a good understanding of SDLC and RMF Process including: 

• Experience advising government program managers on security testing methodologies and processes 

• Experience performing system analysis, system audits, system monitoring, security control assessment/testing, risk management, incident response 

• Experience evaluating certification documentation and providing written recommendations for accreditation to government PMs 

• Experience reviewing system security to accommodate changes to policy or technology 

• Evaluation of IT threats and vulnerabilities to determine whether additional safeguards are needed 

• Experience advising the government concerning the impact levels for Confidentiality, 

• Integrity, and Availability for the information on a system 

• Experience conducting certification tests that include verification that the features and assurances required for each protection level are in place 

• Experience with conducting and coordinating IS security inspections, tests, and reviews 

• Experience assessing changes in the system, its environment, and operational needs that could affect the accreditation 

• Experience preparing the final SAR containing the results and findings from the assessment 

• Experience with Initiating a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR 

• Experience performing risk assessments and making recommendations to customers

• Minimum of 3 years of experience

• Preferred Education : Bachelors of Science degree preferably in Information Systems, Computer Engineering, Computer Science, or Cyber Security, or equivalent experience 

• US Citizenship required, and candidates must be willing to be submitted for a US Government background investigation 

Certification Requirement: 

• At least one security certification from the following issuing bodies: (ISC)², Comp TIA, ISACA, GIAC, CISCO, EC- Council, IAPP, or equivalent. 

No third-party candidates will be considered

The Benefits:

S2 is a small business where people come first, and we know and care about each and every employee. This drives us to provide the best possible benefits and we believe that the benefits we offer are a notch above the rest.

The Benefits at S2 include:

• Medical & dental insurance premiums are 100% paid by S2 for the employee and eligible dependents

• Up to $100 per month reimbursed for mobile phone expenses
• Up to $50 per month reimbursed for home Internet access
• Expenses paid for approved work-related trainings & conferences
• Eligibility to participate in our 401k program after 90 days of employment
• Competitive salary, which is paid semi-weekly (twice per month) 
• Participation in S2 Unlimited PTO Program
• 11 paid government holidays annually
• 10 paid sick days

Stage 2 Security welcomes and encourages diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability, or veteran status.

If you are looking to make an impact, Stage 2 Security is the place for you.