Cybersecurity Lead

Foxhole Technology, Inc.•Arlington, VA

1d•Remote

About The Position

Foxhole Technology provides robust cybersecurity and IT support capabilities for federal civilian and defense agencies. A recognized leader in navigating technology and security challenges, Foxhole delivers mission-focused innovations to answer evolving and complex needs. Our talented employee-owners provide agile, scalable services and solutions that solve operational gaps, operate critical systems, and protect and secure the enterprise – across the organization and around the world. Foxhole is seeking a Cybersecurity Team Lead (Senior Information Security Analyst). This position will manage and enforce cybersecurity posture, assessments, compliance, and monitoring activities. Using relevant experience, strong problem solving, and customer service skills to ensure the appropriate operational security posture is maintained for information system, integration points, and program by implementing and maintaining security controls in close coordination with the Government.

Requirements

At least 7 years of experience in cybersecurity, compliance, or RMF program management
Hands-on experience managing assessment and authorization activities within eMASS (or similar tool) and implementing RMF controls in GovCloud environment
Strong understanding of RMF, DISA STIGs/SRGs, and Cloud Computing SRG
Knowledge of FedRAMP, NIST SP 800-53, and CMMC frameworks
Experience with vulnerability scanning and compliance validation technologies
Strong understanding of cloud security (AWS, OCI, etc.)
Ability to work independently, and part of team, in a high-intensity fast=paced environment
Familiarity with security best practices and compliance requirements.
Excellent troubleshooting and problem-solving skills
Active DoD Secret Clearance
Continental travel may be required

Nice To Haves

Bachelor’s (BS) degree in relevant field – strongly preferred but not required
Certifications such as CISSP, CISM, or similar cert is preferred
Familiarity with security tools and frameworks such as ACAS, Nessus, cloud-based scanning technologies, etc.
Experience supporting FedRAMP accreditations is a plus
Knowledge of computer network defense process and procedures

Responsibilities

Lead the design, implementation, and continuous improvement of enterprise cybersecurity frameworks across GovCloud environments, ensuring alignment with DoD security requirements
Manage the full Risk Management Framework (RMF) lifecycle, including control selection, tailoring, inheritance, and mapping
Architect and sustain automated compliance and continuous monitoring pipelines, enabling real-time RMF evidence generation, vulnerability scanning, AWS security, or equivalent platforms
Maintain and govern cybersecurity architecture artifacts, including system security plans, system diagrams, and data flow mappings to support audit readiness and system authorization
Direct vulnerability management and remediation programs, including coordination of scanning and POA&M tracking to ensure timely risk mitigation
Ensure compliance with DISA STIGs, SRGs, and PPSM requirements through continuous validation, audits, and control assessments
Collaborate with Authorizing Officials (AOs), Security Control Assessors (SCAs), and engineering teams to obtain and sustain Authorization to Operate (ATO)
Lead the security integration into DevSecOps pipelines, ensuring automated security testing, compliance enforcement, and secure code deployment practices
Oversee development and maintenance of key security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Incident Response Plans (IRPs), and Contingency Plans
Lead incident response efforts, including detection, analysis, containment, and reporting, ensuring alignment with organizational and regulatory requirements
Mentor and guide junior analysts, while communicating security posture, risk metrics, and compliance status effectively to senior leadership and stakeholders