Onsite | Springfield, VA | 5 Days a Week

Active TS/SCI Clearance Required

Summary

Our client is an employee and Service-Disabled, Veteran-owned Small Business focused on providing niche technical services. They are a team of experienced cybersecurity professionals with a track record of success in the Federal, Commercial, and Academic workspaces. Additionally, our client designs, builds, operates, and secures scalable cloud and IT infrastructures to meet their customers’ near-term needs and fulfill their long-term requirements.

Responsibilities

Our client is looking for a highly skilled Information Security Analyst to support security operations and compliance efforts within a DoD/NGA environment. The ideal candidate will have extensive experience with the Risk Management Framework (RMF), Authority to Operate (ATO) processes, vulnerability management, and continuous monitoring of enterprise systems. This role requires hands-on expertise in security assessments, system hardening, and coordination with senior security officials.

Authority to Operate (ATO) & Security Controls
• Apply expertise in the Risk Management Framework (RMF) to guide systems through the ATO process.
• Develop and maintain critical security documentation, including System Security Plans (SSPs), Risk Assessment Reports, and other accreditation artifacts.
• Coordinate with Authorizing Officials (AOs) and senior stakeholders to ensure compliance with security policies and procedures.

Vulnerability Management
• Conduct regular vulnerability assessments to identify potential security risks.
• Utilize tools such as ACAS (Assured Compliance Assessment Solution) for vulnerability scanning, analysis, and reporting.
• Develop and implement remediation plans to address security weaknesses in a timely manner.

Security Technical Implementation Guide (STIG) Assessments
• Apply DoD STIGs to ensure systems meet security baselines and compliance requirements.
• Perform system hardening by configuring security controls and minimizing attack surfaces.
• Maintain detailed documentation and reporting on compliance status and remediation actions.

Continuous Monitoring & Incident Response
• Implement continuous monitoring strategies to assess security controls and system integrity.
• Utilize Security Information and Event Management (SIEM) tools to monitor real-time security events.
• Manage and coordinate incident response efforts, ensuring timely detection, analysis, and mitigation of security threats.

Requirements

• Security+ CE or CySA+ certification (required).
• Extensive experience with RMF, ATO processes, and security documentation development.
• Strong knowledge of DoD security tools such as ACAS and SIEM solutions.
• Hands-on experience conducting vulnerability assessments and STIG compliance reviews.

Preferred Qualifications

• CISSP or CISM certification (highly desirable).
• Previous experience supporting DoD systems.
• Strong understanding of incident response coordination and security operations.

Clearance Requirements

• Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; an active TS/SCI clearance is required. Please be aware that onboarding can take 4-6 weeks for this position.