STIG Compliance Analyst

Peraton | Herndon, VA
$66,000 - $106,000 | Onsite

About The Position

We are seeking a highly skilled and innovative STIG Compliance Analyst to join our team in the greater DMV area, supporting the Army National Guard. This role involves reviewing system configurations and validating security settings to enforce DISA STIG/SRG hardening across various systems. The analyst will conduct STIG assessments, identify non-compliant configurations, and coordinate remediation efforts. Maintaining authoritative STIG checklists, uploading compliance artifacts, and producing routine compliance reports are key aspects of this position. Collaboration with ISSOs, cybersecurity teams, engineers, and system owners is essential for interpreting STIG guidance and resolving compliance issues. The role also contributes to process improvement by refining hardening procedures and documentation.

Requirements

  • 2 years with BS/BA; 0 years with MS/MA; 6 years with no degree
  • Active TS/SCI clearance.
  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field; OR Relevant professional certification or equivalent experience (examples: CGRC (CAP); CySA+; CompTIA CASP+); OR Relevant DoD/military training (examples: DISA ACAS / STIG Viewer training).
  • Hands‑on STIG compliance, system hardening, or cybersecurity operations experience.
  • Practical experience using DISA STIG Viewer, ACAS/Nessus scanning, and eMASS or equivalent RMF evidence/workflow tools.
  • Strong ability to apply STIG/SRG configurations, document findings, validate remediation, and maintain configuration baselines.
  • Proficiency in producing compliance reports, dashboards, and evidence packages to support inspections and accreditation.
  • Good collaboration and communication skills to work with system owners, ISSOs, and engineering teams.

Nice To Haves

  • Prior DoD/ARNG STIG/CCRI support experience and familiarity with multi‑domain (NIPR/SIPR) compliance constraints.
  • Experience automating STIG validation, configuration enforcement (e.g., via DSC/Ansible), and integrating checks into CI/CD pipelines.

Responsibilities

  • Review system configurations and validate security settings to enforce DISA STIG/SRG hardening across servers, workstations, applications, and network devices.
  • Conduct STIG assessments using approved tools (STIG Viewer, ACAS), identify non‑compliant configurations, and record findings per DoD/Army/RMF requirements.
  • Apply configuration updates and hardening measures, coordinate remediation with system administrators, and validate post‑remediation compliance.
  • Maintain authoritative STIG checklists, version control, change logs, and configuration baselines to support auditability.
  • Upload compliance artifacts, evidence, and updated checklists into eMASS and enterprise tracking tools; support POA&M creation and tracking.
  • Produce routine compliance reports, vulnerability summaries, and dashboards to support CCRI readiness and continuous monitoring.
  • Perform configuration audits across dev/test/staging/production environments and verify adherence to RMF control requirements.
  • Collaborate with ISSOs, cybersecurity teams, engineers, and system owners to interpret STIG guidance and resolve recurring compliance issues.
  • Contribute to process improvement by refining hardening procedures, documentation, and automated validation workflows.

Benefits

  • Overtime
  • Shift differential
  • Discretionary bonus