Security Analyst

About The Position

Requirements

• Active TS/SCI with Polygraph
• Bachelor's degree or higher in Cybersecurity, IT, or related field and 5+ years' experience in Cybersecurity in federal or IC environments
• OR Masters and 3+ years of experience in Cybersecurity in federal or IC environments
• Strong Knowledge of NIST RMF (800-37), NIST 800-53 controls, and FedRAMP requirements
• At least one of the following certifications: CISM or CISA, CompTIA Security+ (baseline), Certified Authorization Professional (CAP), CCSP (cloud security)
• Experience in the following tools: NIST 800-53, RMF, FedRAMP, ICD 503, RSA Archer, ServiceNow GRC, Splunk, Azure Sentinel, Nessus, ACAS, AWS GovCloud, Azure Government, GCP, SCAP, STIG Viewer

Nice To Haves

• Experience with cloud-native security tools
• Knowledge of Zero Trust Architecture
• Experience with cross-domain solutions
• Experience with ICD 503
• Familiarity with DevSecOps pipelines in regulated environments

Responsibilities

• Lead and support FedRAMP Moderate/High and IC ATO authorization processes
• Develop, review, and maintain security documentation: System Security Plans (SSP), Security Assessment Reports (SAR), Plan of Action & Milestones (POA&M)
• Ensure compliance with NIST SP 800-53 / 800-37 RMF, FedRAMP baselines, ICD 503
• Perform risk assessments, control assessments, and gap analyses
• Implement and manage RMF lifecycle activities (Categorize → Monitor)
• Track and manage POA&M remediation activities
• Facilitate security control inheritance and shared responsibility models
• Execute continuous monitoring strategies and reporting
• Analyze security posture using Vulnerability scans and Configuration compliance
• Produce monthly/quarterly ConMon deliverables
• Monitor and analyze security events and alerts
• Support incident response and forensic analysis
• Coordinate with SOC teams and stakeholders for threat mitigation
• Conduct root cause analysis and lessons learned
• Secure cloud environments aligned with FedRAMP controls
• Implement identity and access controls
• Support 3PAO assessments and audits
• Prepare evidence artifacts for FedRAMP JAB/Agency ATO reviews and Inspector General (IG) audits
• Coordinate with internal/external auditors
• Utilize security tools for monitoring and compliance: Splunk, Sentinel, Vulnerability management tools, RSA Archer, ServiceNow
• Support automation of compliance and reporting workflows
• Act as liaison between Engineering teams, ISSOs / ISSMs, and Compliance and audit teams
• Provide security guidance during system design and change management
• Mentor junior analysts and support team development
• Promote a culture of security-first engineering and compliance excellence
• Contribute to security governance and policy development