Senior Information Security Analyst

Govcio LLC

23h•$115,000 - $140,000•Hybrid

About The Position

GovCIO is currently hiring for Senior Information Security Analyst to lead efforts in STIG compliance, system hardening, and vulnerability remediation for a mission-critical U.S. Coast Guard program. This position will be located in Kearneysville, WV and will be a hybrid position. GovCIO is a team of transformers--people who are passionate about transforming government IT. Every day, we make a positive impact by delivering innovative IT services and solutions that improve how government agencies operate and serve our citizens.But we can't do it alone. We need great people to help us do great things - for our customers, our culture, and our ability to attract other great people. We are changing the face of government IT and building a workforce that fuels this mission. Are you ready to be a transformer? Our employees’ unique talents and contributions are the driving force behind our success in supporting our customers, which ultimately fuels the success of our company. Join us and be a part of a culture that invests in its people and prioritizes continuous enhancement of the employee experience.

Requirements

Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or related field with 8+ years (or commensurate expertise).
Clearance: Active Secret clearance
Certifications: DoD 8570 IAT Level II (e.g., Security+ CE, CySA+)
STIG Expertise: Advanced hands-on experience with STIG configuration and remediation for Windows and Linux servers.
Security Leadership: Proven ability to lead security initiatives and coordinate cross-functional teams.
Risk Management: Strong understanding of vulnerability management, risk assessment, and prioritization strategies.
Compliance: Deep knowledge of DoD RMF, NIST frameworks, and other security standards.
Documentation: Ability to produce detailed, clear documentation for technical and executive audiences.

Nice To Haves

Experience supporting DoD or U.S. Coast Guard environments
Scripting & Automation: Proficiency in PowerShell, Python, or similar scripting languages for automation of security tasks.
Cloud Security: Experience with AWS, Azure, or other cloud platforms in secure environments.
Database Security: Familiarity with Oracle or SQL Server hardening and vulnerability remediation.
Certifications: CISSP or equivalent preferred.
DevSecOps: Understanding of CI/CD pipelines and integration of security controls in DevOps environments.

Responsibilities

Lead remediation of legacy STIG and vulnerability findings across all Areas of Responsibility (AOR).
Review vulnerability data, prioritize remediation efforts based on risk, and coordinate with system administrators for focused resolution of backlog vulnerabilities.
Validate all remediation activities to ensure compliance with applicable standards and security policies.
Collaborate with ISSOs to resolve data inconsistencies and meet ATO deadlines for system boundaries.
Document all remediation processes and outcomes to establish repeatable procedures and maintain compliance.
Support continuous improvement of security posture through proactive identification and mitigation of vulnerabilities.