Security Analyst
Core One · McLean, VA · 3 mo ago
Information TechnologyFull-time
Key Responsibilities
- Lead and support FedRAMP Moderate/High and IC ATO authorization processes
- Develop, review, and maintain security documentation: System Security Plans (SSP), Security Assessment Reports (SAR), Plan of Action & Milestones (POA&M)
- Ensure compliance with NIST SP 800-53 / 800-37 RMF, FedRAMP baselines, ICD 503
- Perform risk assessments, control assessments, and gap analyses
- Implement and manage RMF lifecycle activities (Categorize → Monitor)
- Track and manage POA&M remediation activities
- Facilitate security control inheritance and shared responsibility models
- Execute continuous monitoring strategies and reporting
- Analyze security posture using Vulnerability scans and Configuration compliance
- Produce monthly/quarterly ConMon deliverables
- Monitor and analyze security events and alerts
- Support incident response and forensic analysis
- Coincide with SOC teams and stakeholders for threat mitigation
- Conduct root cause analysis and lessons learned
- Secure cloud environments aligned with FedRAMP controls
- Implement identity and access controls
- Sustain 3PAO assessments and audits
- Prepare evidence artifacts for FedRAMP JAB/Agency ATO reviews and Inspector General (IG) audits
- Coincide with internal/external auditors
- Utilize security tools for monitoring and compliance: Splunk, Sentinel, Vulnerability management tools, ServiceNow
- Create automation of compliance and reporting workflows
- Act as liaison between Engineering teams, ISSOs / ISSMs, and Compliance and audit teams
- Provide security guidance during system design and change management
- Mentor junior analysts and support team development
- Promote a culture of security-first engineering and compliance excellence
- Contribute to security governance and policy development
- Active TS/SCI with Polygraph
- Bachelor's degree or higher in Cybersecurity, IT, or related field and 5+ years' experience in Cybersecurity in federal or IC environments
- OR Masters and 3+ years of experience in Cybersecurity in federal or IC environments
- Strong Knowledge of NIST RMF (800-37), NIST 800-53 controls, and FedRAMP requirements
- At least one of the following certifications: CISM or CISA, CompTIA Security+, Certified Authorization Professional (CAP), CCSP (cloud security)
- Experience in the following tools: NIST 800-53, RMF, FedRAMP, ICD 503, ServiceNow GRC, Splunk, Azure Sentinel, Nessus, ACAS, AWS GovCloud, Azure Government, GCP, SCAP, STIG Viewer