Cybersecurity and Risk Analyst

GormatArlington, VA
Onsite

About The Position

The Cybersecurity and Risk Analyst is a critical member of the Vulnerability Assessment and Penetration Testing (VAPT) team, responsible for identifying, analyzing, and mitigating cybersecurity risks across enterprise systems, networks, and applications. This role focuses on evaluating vulnerabilities, integrating threat intelligence, and supporting compliance efforts to ensure confidentiality, integrity, and availability of organizational data and services. The analyst conducts vulnerability assessments, risk evaluations, and red team/threat simulation activities in alignment with federal security frameworks such as NIST SP 800-53, FISMA, and ISO/IEC 27001. They provide actionable reporting to leadership, enabling risk-based decision-making, and collaborate with cross-functional teams to improve security posture, mitigate threats, and ensure adherence to federal directives and policies. The Cybersecurity and Risk Analyst defines system security requirements for IT systems and applications and conducts comprehensive risk assessments of management, operational, and technical security controls and control enhancements that are present or inherited by an IT system. The analyst determines the overall effectiveness of security controls based on criteria from applicable NIST frameworks (e.g., NIST SP 800-53) and relevant guidance such as NIST SP 800-30. This role supports the Risk Management Framework (RMF) Security Assessment and Authorization (SAA) process through validation of security configurations to ensure compliance with applicable cybersecurity policies, requirements, and directives. The analyst ensures compliance with Security Technical Implementation Guidance (STIG), security benchmarks, and organizational security requirements. The role utilizes automated and manual scanning tools and manual testing methodologies to identify system vulnerabilities, noncompliance, and mitigation strategies.

Requirements

  • A master's degree in information technology, cybersecurity, data science, information systems, or computer science from an ABET-accredited or CAE-designated institution fulfills the educational requirement.
  • Minimum of eight (8) years of experience (YOE) in Information Technology (IT) / Information Security (IS). This includes any combination of experience from relevant IT and cybersecurity disciplines.
  • Must have at least one (1) DoD 8140 certification for the respective area or the ability to obtain certification within six (6) months of onboarding.
  • DoD 8140 certification must be maintained during the period of performance.
  • Must have at least five (5) years of documented experience and/or education in IT or IS/Cybersecurity.
  • Must successfully complete a DEA background investigation.
  • Must possess an active Secret or higher clearance and be eligible for a Top Secret clearance if requested.

Nice To Haves

  • Experience supporting the following areas is preferred:
  • DCWF Role 541 - Vulnerability Assessment Analyst.
  • DCWF Role 622 - Secure Software Assessor.
  • Vulnerability Assessment Analyst / Secure Software Assessor functions.
  • Intermediate and advanced certifications related to cybersecurity roles, including:
  • CompTIA: Cloud+, PenTest+, Security+
  • EC-Council: CEH
  • GIAC: GCED, GCIH, GCSA, GICSP, GSEC

Responsibilities

  • Conduct vulnerability assessments across systems, applications, OT assets, and cloud environments using commercial and open-source tools.
  • Analyze, validate, and prioritize vulnerabilities based on severity, exploitability, and business impact.
  • Perform risk assessments on systems, applications, and ATO packages using frameworks such as NIST SP 800-30 and ISO 27005.
  • Maintain risk registers and communicate risk likelihood and impact to system owners and leadership.
  • Monitor and apply threat intelligence feeds to assess emerging threats and vulnerabilities.
  • Participate in red team operations, adversary emulation, and penetration testing exercises.
  • Correlate vulnerability threat data (e.g., CVEs, MITRE ATT&CK) to determine real-world exploitability.
  • Provide analysis of zero-day vulnerabilities, advanced attack techniques, and potential organizational impacts.
  • Ensure vulnerability management practices align with NIST SP 800-53, NIST SP 800-115, CIS Controls, and ISO 27001.
  • Support internal and external audits by mapping findings to compliance frameworks (FISMA, HIPAA, PCI-DSS).
  • Contribute to incident response readiness, business continuity, and disaster recovery planning.
  • Review and provide input on system change requests, patching compliance, and binding operational directives.
  • Prepare detailed technical reports and executive summaries highlighting risks, vulnerabilities, and mitigations.
  • Document risk mitigation strategies, vulnerability management processes, and audit support artifacts.
  • Provide risk-related training and awareness to stakeholders, communicating technical risk in business terms.
  • Partner with security engineers, SOC analysts, developers, and system owners to coordinate remediation.
  • Participate in Change Control Boards (CCBs) to assess security impact of system changes.
  • Recommend improvements to vulnerability, risk, and threat management processes.
  • Stay current on evolving threat landscapes, vulnerability trends, and cybersecurity technologies.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service