Information Security Analyst
About The Position
The Information Security Analyst (Classified Systems) will support compliance, auditing, and documentation activities for classified information systems. In this role, you will serve as the Information System Security Officer (ISSO) for assigned systems, focusing on the full Risk Management Framework (RMF) lifecycle — including security control assessments, continuous monitoring, and system authorization (ATO) maintenance. You will work closely with system owners, engineers, and the Information System Security Manager (ISSM) to keep classified systems compliant and mission ready. You will have the opportunity to play a meaningful role in protecting high-stakes classified environments by ensuring robust security posture, driving compliance excellence, and directly supporting critical national security missions.
Requirements
- 2–5+ years of experience supporting classified information systems or RMF compliance activities
- Active Top Secret Clearance with SCI eligibility. A Polygraph is not required to be eligible for this position. However, the applicant must be willing and eligible for submission, depending on program requirements, after an offer is accepted and must be able to maintain the applicable clearance/access.
- DoD 8140-compliant or equivalent legacy 8570 certifications (e.g. Sec+, CISSP)
- Hands-on experience with RMF documentation and compliance tools, such as eMASS, STIG Viewer, SCAP
- Knowledge of NIST SP 800-53 controls, security control implementation, and auditing practices
- Familiarity with classified environments and government security processes
- Strong attention to detail and ability to manage compliance documentation accurately
- Completion of applicable DCSA training for classified RMF and system authorization within 90 days of hire
Nice To Haves
- Experience with hardening various OSs (Windows and Linux)
- Prior experience performing ISSO or compliance responsibilities in a government or contractor environment
- Experience with centralized logging systems (e.g. Graylog)
- Experience with vulnerability scanners (Wazuh)
- Understanding of JSIG/DCSA requirements
Responsibilities
- Act as ISSO for classified systems, supporting the RMF lifecycle, including: Security control assessments, System authorization (ATO) maintenance, Continuous monitoring and reporting
- Manage and maintain RMF documentation in eMASS or manually (based on customer requirements), including: System Security Plans (SSP), Security Control Traceability Matrices (SCTM), Risk Assessment Reports (RAR), Plans of Action & Milestones (POA&M)
- Conduct and document vulnerability assessments using tools such as: SCAP Compliance Checker, STIG Viewer
- Perform audits and reviews to verify compliance with applicable security controls and standards, including: NIST SP 800-53, JSIG/DISA guidance (as applicable), DCSA requirements
- Maintain asset inventory and configuration documentation for classified systems
- Track findings and coordinate remediation with system owners, system admins, and ISSM
- Support inspections, audits, and government assessments for classified systems
- Stay current on RMF guidance, cybersecurity standards, and government training requirements (e.g., DCSA CBTs)
Benefits
- 100% Company-paid medical insurance for employees
- 100% Company-paid dental and vision insurance
- Competitive salary and bonus
- 25% 401k company contribution
- Generous PTO, parental leave, bereavement leave, and volunteer time
- Flexible work hours
- Tuition reimbursement, training allowance, internal mobility opportunities
- Free beverages and snacks, Donut Fridays, monthly social events
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
