Information Security Analyst (Journeyman)

Who We Are: Oasys International, LLC (Oasys) is a rapidly expanding firm that has been recognized on Inc. 5000 magazine's list of the fastest-growing companies for five consecutive years. We are a dynamic organization dedicated to providing world-class technology consulting services through our team of expert technologists, consultants, engineers, and subject matter experts. At Oasys, we prioritize continuous learning, a healthy work-life balance, and a collaborative work environment. Our culture is merit-based, recognizing and rewarding performance and fostering a supportive and social atmosphere.

Position Summary:

Oasys is seeking an Information Security Analyst support the United States Coast Guard (USCG) at the Aviation Logistics Center (ALC)-Information Systems Division (ISD). The Information Security Analyst will support ongoing cybersecurity operations, continuous monitoring, risk assessments, and security compliance activities aligned with the DHS 4300A, NIST 800-53, and RMF standards.

The successful candidate will work closely with security engineers, system administrators, auditors, and federal stakeholders to evaluate and implement effective security measures that protect mission-critical systems and ensure audit readiness.

Primary Responsibilities:

• Support the implementation, monitoring, and continuous improvement of cybersecurity controls across enterprise systems, networks, and applications.
• Participate in and support the full lifecycle of the Risk Management Framework (RMF), including security categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
• Monitor and analyze alerts and logs from Security Information and Event Management (SIEM) systems to identify threats and suspicious activities.
• Conduct vulnerability scans, assist in POA&M development, and provide recommendations for remediation and mitigation strategies.
• Review and support the development of System Security Plans (SSPs), Security Assessment Reports (SARs), Contingency Plans (CPs), and Incident Response Plans (IRPs).
• Conduct cyber risk assessments on systems, applications, and infrastructure to identify potential security gaps and recommend improvements.
• Assist in drafting and reviewing security documentation, audit findings, after-action reports, and compliance assessments.
• Collaborate with security control assessors to validate control implementations and test compliance to internal policies and federal guidelines.
• Support awareness and training initiatives to promote cybersecurity best practices across program teams.
• Provide input into policy, procedure, and standard development to ensure alignment with federal regulations and emerging threats.
• Evaluate security solutions and provide input on system security designs, ensuring defense-in-depth strategies.
• All other duties as assigned by management.

Skills/Qualifications:

• Understanding of cybersecurity principles, RMF processes, and federal compliance requirements.
• Hands-on experience with vulnerability management, log analysis, or SIEM operations.
• Familiarity with network security, identity and access management, and endpoint protection.
• Basic proficiency in federal cybersecurity frameworks including FISMA, DHS 4300A, NIST 800-53, and NIST 800-37.
• Ability to develop security documentation and effectively communicate findings to both technical and non-technical audiences.
• Strong analytical, organizational, and documentation skills.

Education/Experience Requirements:

• Bachelor's or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Two (5) years of directly relevant experience may substitute for one (1) year of formal education.
• Minimum of two (2) years of experience in Information security as analyst or in security operations.
• Minimum of two (2) years of experience with Security Information and Event Management (SIEM).
• Minimum of two (2) years of experience in the risk management framework.
• Basic knowledge of the following: Active Directory, UNIX, Windows, Relational Databases.
• Demonstrated experience working in support of federal government enterprise applications preferred.

Clearance:

• U.S. citizenship required
• Must have an active DoD Secret Clearance.

Certification Requirement

• CompTIA Security
• Additional certifications (Network , AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, ITIL Foundation, TOGAF, or other security architecture frameworks) are a plus.

Work Location:

• Elizabeth City, NC - On-Site (Full-Time)

Oasys is proud to be an equal opportunity employer for all protected groups, including protected veterans and individuals with disabilities.