Security Analyst 3

TSP LLC• US,

2d•$83,100 - $100,000

About The Position

TSPi is actively seeking a Security Analyst III to join our team and support our government clients. TSPi excels in meeting the needs of our partners by offering advanced technology solutions utilizing our industry-specific knowledge, iterative Agile approach, commitment and passion to serve, collaborative team environment, and pride in our work. The Security Analyst III supports cybersecurity and compliance initiatives across complex federal environments. This role combines hands-on security expertise with compliance and risk management responsibilities, helping project teams implement and maintain secure systems while ensuring adherence to federal cybersecurity requirements. The ideal candidate will possess knowledge of federal cybersecurity frameworks, cloud security, risk management, and Authorization to Operate (ATO) processes. This individual will work closely with technical teams, program leadership, and government stakeholders to strengthen security posture, manage compliance activities, and support continuous monitoring efforts. This role is contingent upon award of the project to Abt Global and TSPi.

Requirements

Bachelor's degree in Cybersecurity, Information Security, Information Systems, Computer Science, or related field required.
Bachelor's degree plus 5 years of relevant experience, Master's degree plus 3 years of relevant experience, PhD plus 0 years of relevant experience or equivalent combination of education and experience.
Strong knowledge of Federal Information Security Modernization Act (FISMA), Risk Management Framework (RMF), NIST Special Publications, and FIPS standards.
Experience supporting federal Assessment and Authorization (A&A) activities and obtaining or maintaining Authority to Operate (ATO) approvals.
Experience developing and maintaining cybersecurity documentation and compliance artifacts.
Knowledge of NIST SP 800-53, NIST SP 800-37, NIST SP 800-18, FIPS 199, and related federal security guidance.
Experience performing security control assessments, vulnerability assessments, and risk analysis.
Strong understanding of cloud security concepts and controls.
Experience securing Microsoft Windows and Linux-based environments.
Familiarity with security monitoring, audit logging, identity and access management, and incident response practices.
Strong technical writing and documentation skills.
Excellent verbal and written communication skills.
Ability to present cybersecurity concepts to technical and non-technical audiences.
Ability to work independently while collaborating effectively across teams.
Position will require the ability to obtain Level 5 suitability screening (Public Trust Position – Positions) with SSA (including fingerprinting).

Nice To Haves

Experience supporting civilian federal agencies.
Experience with AWS and/or Azure cloud environments.
Experience implementing NIST 800-53 controls in cloud-based systems.
Experience with vulnerability management tools and security scanning platforms.
Experience supporting FedRAMP, Zero Trust, or cloud modernization initiatives.
Experience participating in incident response and security investigations.
Experience supporting DevSecOps and secure software development practices.
One or more of the following certifications is strongly preferred: CISSP, CISM, CISA, CAP, Security+, SSCP, GIAC certifications (GSEC, GCSA, GCIA, or similar), CEH
Experience supporting federal government cybersecurity programs.
Experience supporting security compliance initiatives across multiple systems or programs.
Experience assisting with cybersecurity risk, compliance, and governance activities.
Experience supporting cloud migration or modernization efforts.

Responsibilities

Support security assessment and authorization activities (RMF, ATO, and Continuous Monitoring) for federal information systems.
Develop, review, and maintain cybersecurity documentation including System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and related artifacts.
Provide guidance to project teams regarding implementation of NIST security controls and federal cybersecurity requirements.
Conduct annual and ongoing Security Control Assessments (SCAs) and support remediation activities.
Coordinate vulnerability management activities including vulnerability scanning, remediation tracking, and risk analysis.
Support continuous monitoring activities including account reviews, audit log reviews, configuration management reviews, and security control assessments.
Collaborate with system owners, architects, developers, and infrastructure teams to identify and mitigate cybersecurity risks.
Assist in the development and maintenance of organizational cybersecurity policies, standards, and procedures.
Support cloud security initiatives across AWS, Azure, and hybrid environments.
Conduct security reviews of system architectures, technical designs, and proposed technology implementations.
Deliver security awareness training and guidance to technical and non-technical stakeholders.
Support proposal efforts, contract pursuits, and client engagements requiring cybersecurity expertise.
Stay current on evolving cybersecurity threats, federal guidance, and industry best practices.