Jobs · Information Technology · Virginia

Security Analyst

Core One · McLean, VA · 3 mo ago
Information TechnologyFull-time

Key Responsibilities

  • Lead and support FedRAMP Moderate/High and IC ATO authorization processes
  • Develop, review, and maintain security documentation: System Security Plans (SSP), Security Assessment Reports (SAR), Plan of Action & Milestones (POA&M)
  • Ensure compliance with NIST SP 800-53 / 800-37 RMF, FedRAMP baselines, ICD 503
  • Perform risk assessments, control assessments, and gap analyses
  • Implement and manage RMF lifecycle activities (Categorize → Monitor)
  • Track and manage POA&M remediation activities
  • Facilitate security control inheritance and shared responsibility models
  • Execute continuous monitoring strategies and reporting
  • Analyze security posture using Vulnerability scans and Configuration compliance
  • Produce monthly/quarterly ConMon deliverables
  • Monitor and analyze security events and alerts
  • Support incident response and forensic analysis
  • Coincide with SOC teams and stakeholders for threat mitigation
  • Conduct root cause analysis and lessons learned
  • Secure cloud environments aligned with FedRAMP controls
  • Implement identity and access controls
  • Sustain 3PAO assessments and audits
  • Prepare evidence artifacts for FedRAMP JAB/Agency ATO reviews and Inspector General (IG) audits
  • Coincide with internal/external auditors
  • Utilize security tools for monitoring and compliance: Splunk, Sentinel, Vulnerability management tools, ServiceNow
  • Create automation of compliance and reporting workflows
  • Act as liaison between Engineering teams, ISSOs / ISSMs, and Compliance and audit teams
  • Provide security guidance during system design and change management
  • Mentor junior analysts and support team development
  • Promote a culture of security-first engineering and compliance excellence
  • Contribute to security governance and policy development
  • Qualifications

    • Active TS/SCI with Polygraph
    • Bachelor's degree or higher in Cybersecurity, IT, or related field and 5+ years' experience in Cybersecurity in federal or IC environments
    • OR Masters and 3+ years of experience in Cybersecurity in federal or IC environments
    • Strong Knowledge of NIST RMF (800-37), NIST 800-53 controls, and FedRAMP requirements
    • At least one of the following certifications: CISM or CISA, CompTIA Security+, Certified Authorization Professional (CAP), CCSP (cloud security)
    • Experience in the following tools: NIST 800-53, RMF, FedRAMP, ICD 503, ServiceNow GRC, Splunk, Azure Sentinel, Nessus, ACAS, AWS GovCloud, Azure Government, GCP, SCAP, STIG Viewer

Similar jobs

Security Analyst

Turnberry SolutionsAudubon, PA· 1 wk ago
Information Technologyapply on turnberrysolutions.com

Security Analyst

TalentAllyWisconsin, United States· 4 days ago
RemoteOTHRapply on talentally.com

Security Analyst

Target HospitalityThe Woodlands, TX· 5 days ago
Information Technologyapply on recruiting2.ultipro.com

Security Analyst

CelesticaRichardson, TX· 3 days ago
Information Technologyapply on careers.celestica.com

Security Analyst

Computer World Services Corp. (CWS)Morrisville, NC· 6 mo ago
Information Technologyapply on jobs.lever.co

Security Analyst

Technix LLCMinnesota, United States· 4 days ago
Information Technology