Continuous Monitoring Analyst

Booz Allen Hamilton, Rockville, MD
$62,000 - $141,000

About The Position

Serve as a Continuous Monitoring Analyst responsible for supporting an enterprise‑wide ongoing authorization program, ensuring systems maintain their Authority to Operate (ATO)/Continuous Authority to Operate (cATO) through continuous monitoring of security controls, evidence collection, risk tracking, and reporting. You will assess control effectiveness, validate system changes, support remediation activities, and help modernize continuous monitoring processes across hybrid and cloud environments. This position strengthens the organization’s risk posture by enabling consistent, automated, and compliance‑aligned security oversight.

Requirements

  • 3+ years of experience with Continuous Monitoring, ongoing authorization, or cybersecurity
  • Experience with monitoring and assessing NIST SP 800‑53 controls, including collecting and evaluating control evidence generated from Splunk, Cribl, SentinelOne, or Elastic
  • Experience with supporting continuous ATO and ongoing authorization processes using data from Tenable, Prisma, Git, JFrog, AWS Security Hub, Azure Security Tower, or Google SCC vulnerability and configuration tools
  • Experience with reviewing POA&Ms, validating remediation evidence, and tracking corrective actions through ServiceNow or JCAM
  • Experience with analyzing system changes, configuration updates, or architectural modifications for security impact across cloud or hybrid environments
  • Experience with security automation or orchestration workflows using Kubernetes, Docker, Terraform, or Ansible, and identifying or interpreting AI‑generated findings using Gemini, Copilot, Claude, or Bedrock
  • Knowledge of enterprise IAM and access control concepts supported by Entra ID, Okta, AWS IAM, or Microsoft Conditional Access tools
  • Ability to evaluate control effectiveness, synthesize evidence from multiple security tools, and communicate risk posture to technical and non‑technical stakeholders
  • Public Trust clearance required
  • Bachelor’s degree

Nice To Haves

  • Experience with cross‑functional collaboration with ISSOs, system owners, or engineering teams to support RMF lifecycle activities
  • Experience with process improvement, workflow standardization, or automation of continuous monitoring or ATO processes
  • Experience with dashboards, reporting, or enterprise governance tools that aggregate security telemetry
  • Experience with stakeholder engagement, team coordination, or agile delivery support
  • Knowledge of Zero Trust principles, cloud security governance, or enterprise modernization initiatives
  • Knowledge of secure DevOps practices, CI/CD workflows, or automated compliance pipelines
  • Ability to clearly communicate complex compliance, risk, or control concepts in actionable terms
  • Ability to adapt quickly to evolving federal guidance, emerging technologies, or shifting program priorities
  • Master's degree in Cybersecurity, Information Systems, or related field
  • CISSP, Security+, or AWS, GCP, or Azure cloud certifications

Responsibilities

  • Assess control effectiveness
  • Validate system changes
  • Support remediation activities
  • Help modernize continuous monitoring processes across hybrid and cloud environments
  • Collect and evaluate control evidence
  • Track risk and report on findings
  • Review POA&Ms, validate remediation evidence, and track corrective actions
  • Analyze system changes, configuration updates, or architectural modifications for security impact

Benefits

  • Health benefits
  • Life benefits
  • Disability benefits
  • Financial benefits
  • Retirement benefits
  • Paid leave
  • Professional development
  • Tuition assistance
  • Work-life programs
  • Dependent care
  • Recognition awards program