
Security Analyst

Sharp Decisions

Herndon · Hybrid Contract Today

About the role

Position Summary

The Security Analyst (SA) will work as a member of the cyber team, assisting with the creation, update, and maintenance of FedRAMP required security documentation, associated artifacts, and Continuous Monitoring (CONMON) requirements — including Plan of Action and Milestones (POA&M). The SA advises stakeholders on changing regulatory, government, and Cloud/FedRAMP policies, supports risk assessments, system categorization, security authorization and accreditation activities (A&A), and validates control compliance across providers.

Required Skills

  • Understand and document information system specifications and security controls, including logical and physical diagrams, connectivity, communication, and data flow diagrams — both internal and external to the system.
  • Advise stakeholders on multiple courses of action in environments where policy is changing or not yet confirmed (e.g., NIST RMF and DISA SRG).
  • Document courses of action and identify risk mitigation recommendations in accordance with FedRAMP requirements, company policy, and best practices, with associated benefits and drawbacks.
  • Apply enterprise security frameworks such as FISMA and NIST SP 800 toward existing cloud environment initiatives.
  • Develop and update policies and procedures to implement FedRAMP compliance as well as NIST 800-171 requirements and other DFAR clauses.
  • Understand enterprise operating environments, including security posture, application environment, and associated security controls.
  • Demonstrate familiarity with current FedRAMP, DoD, and NIST security controls and technologies, including vulnerability management capabilities.
  • Identify and assess cloud system state, including vulnerabilities, RMF package status, accreditation model, PPS compliance, and patching/CSVA mechanisms.

Key Frameworks & Standards

FedRAMP, NIST SP 800, NIST RMF, FISMA, DISA SRG, NIST 800-171, DFAR, CNSS, Privacy Act

Required Experience

  • Demonstrated knowledge and ability to analyze systems for cybersecurity compliance.
  • Ability to work in a fast-paced, team-oriented environment.
  • Knowledge of Federal and DoD policies and risk assessment methodologies, including FedRAMP.
  • Experience writing or executing system security documentation, authorization to operate packages, POA&Ms, and policies.
  • Experience reviewing, editing, and writing technical documents.
  • Presentation and public speaking skills required.
  • Knowledge of DISA STIGs and SRGs, Committee for National Security Systems Instructions, and the NIST Risk Management Framework.
  • Knowledge and understanding of systems and networking technologies and concepts.
  • Ability to interpret and assess network diagrams and drawings using Visio.
  • Familiarity with Testing, Development, Staging, and pre-production environments requiring cybersecurity support.
  • Knowledge of the Privacy Act.

Skills

DISA SRG, DISA STIGs, DFAR, FedRAMP, FISMA, NIST 800-171, NIST RMF, NIST SP 800, Privacy Act, Visio
