Title: Systems Security Analyst
Location: Vienna, VA(3 days onsite a week is mandatory)
US citizenship is required to obtain a secret clearance
Responsibilities
- Serve as the security technical SME, collaborating with the delivery team project manager and leading a security team of approximately five members
- Act as the security technical SME in interactions with government project customers, ISSOs, and ISMs
- Define, implement, and manage security team processes and procedures, ensuring team understanding and compliance
- Oversee technical aspects of handling identified security weaknesses and POA&Ms from intake through remediation
- Support the development team in executing and enhancing the DevSecOps process, aligning with the customer’s “security to the left” requirement
Experience and Skills
- Extensive knowledge of federal cybersecurity governance, risk management, and continuous monitoring processes, including RMF, NIST SP 800-53, NIST CSF, A&A/C&A, POA&M management, and control validation
- Proficient in interpreting and applying security hardening standards and compliance baselines (DISA STIGs, CIS Benchmarks, CVEs), and assessing technical findings against organizational security requirements
- Skilled in vulnerability management workflows, including Tenable/Nessus scan analysis, validation of findings, identification of false positives, and translating vulnerabilities into remediation or POA&M actions
- Experienced in weakness and POA&M remediation through review of SSPs, assessment results, scans, remediation artifacts, and risk analysis in accordance with NIST and federal standards
- Capable of updating and maintaining SSP documentation for enterprise and cloud environments, including control tailoring, inheritance documentation, and alignment with RMF, FedRAMP, and federal requirements
- Proficient in managing vulnerability and POA&M workflows across CSAM/GRC, WTT/ServiceNow, Jira, and Excel, ensuring data alignment, traceability, and closure readiness
- Able to participate in security audits and assessments, interpret findings, and coordinate remediation and evidence collection for compliance and operational requirements
- Strong documentation skills, translating complex workflows into clear process diagrams, SOPs, and management-ready summaries for cross-functional teams
- Experienced in leveraging Generative AI tools to enhance cybersecurity workflows, research, documentation, and decision support, with careful attention to information sensitivity and validation
- Active CISSP certification desired, but not required
Pay: From $110,000.00 per year
Work Location: Hybrid remote in Vienna, VA 22180