Security Analyst - Junior

Aretum, McLean, VA
Remote

About The Position

Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors. Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront.

The Junior-Level Security Analyst provides cybersecurity and compliance support to Department of War information systems operating in classified and unclassified environments. This contractor role supports the protection of mission-critical systems by executing vulnerability management, configuration compliance, and RMF support activities in accordance with Department of Defense and federal cybersecurity requirements. The role is execution-focused and tool-driven, with opportunities for exposure to security operations based on individual background and skillset.

Requirements

  • Master’s Degree or Bachelor’s Degree + 3 years of relevant experience
  • 3–6 years of experience in information assurance, cybersecurity, or compliance-focused roles
  • Active Top Secret Clearance Required
  • Experience maintaining RMF packages in classified or regulated environments
  • Working knowledge of NIST 800-series publications and DoD cybersecurity requirements
  • Experience developing and maintaining SOPs, policies, or technical documentation
  • Strong written and verbal communication skills
  • Demonstrated willingness to learn new tools/techniques and support cross-functional cybersecurity activities as mission needs evolve
  • Applicants must be U.S. citizens and currently authorized to work in the United States on a full-time basis.
  • This position supports a federal government contract and therefore requires an active Top Secret clearance or the ability to obtain one.

Nice To Haves

  • Extensive knowledge of AWS Security
  • Experience supporting DoD or intelligence community customers
  • Hands-on experience with eMASS or other GRC tools
  • Familiarity with SIEM platforms, ESS/Trellix, Burp, Checkmarx, or other vulnerability management solutions
  • DoD 8140 / 8570 certifications (e.g., Security+, CAP)
  • Experience working in classified (SCIF) environments

Responsibilities

  • Execute vulnerability management activities using ACAS, ESS, SCAP tools, and manual validation techniques to confirm findings and reduce false positives.
  • Conduct application and web vulnerability assessments using tools such as Burp Suite and document results with clear remediation guidance.
  • Support vulnerability triage and prioritization based on mission impact, exposure, exploitability, and operational constraints.
  • Support the Vulnerability Disclosure Program (VDP) by managing intake, validation, tracking, and coordination with remediation stakeholders.
  • Ensure vulnerability findings, evidence, and remediation status are accurately documented and traceable within RMF artifacts (e.g., assessment inputs and POA&M updates).
  • Support SCAP/STIG-related validation by correlating scan results to configuration baseline requirements and documenting compliance status.
  • Demonstrate the ability to perform—or a strong willingness to learn—security assessment activities across ACAS, ESS, Burp Suite, VDP workflows, and SCAP/STIG compliance processes.
  • Configure and manage AWS Security toolsets (CloudTrail, GuardDuty, Inspector, Security Hub).
  • Execute DISA STIG compliance activities across operating systems, applications, databases, and network devices
  • Validate security baselines using SCAP and manual assessment techniques
  • Identify deviations, document compensating controls, and support risk acceptance requests
  • Ensure configuration compliance aligns with mission requirements and operational constraints
  • Maintain and update RMF packages throughout the system lifecycle
  • Support ATO, IATT, and continuous monitoring activities
  • Track POA&Ms and remediation actions to completion
  • Coordinate with Government System Owners, ISSOs, ISSEs, and Authorizing Officials
  • Support cybersecurity assessments, inspections, and compliance reviews
  • Support SIEM monitoring and alert analysis
  • Assist with ESS deployment, configuration, and reporting
  • Support log analysis, threat detection, and incident response activities
  • Assist with continuous monitoring and cybersecurity metrics reporting

Benefits

  • Health Care Plan (Medical, Dental & Vision)
  • Retirement Plan (401k)
  • Life Insurance (Basic, Voluntary & AD&D)
  • Paid Time Off
  • Family Leave (Maternity, Paternity)
  • Short Term & Long-Term Disability
  • Training & Development