Job Description
About the Role
Triple Point Security is seeking a mid-level Security Analyst to support the implementation, operation, and continuous improvement of security capabilities across our federal, state, local, and commercial client engagements. Working within a team of cybersecurity professionals, the Security Analyst will contribute to a range of activities including review of security assessments, vulnerability management, security tool deployment, and compliance support. This role is well-suited for a detail-oriented analyst with hands-on RMF security compliance experience and strong communication and collaboration skills who is looking to grow their career within a specialized, fast-moving cybersecurity consulting firm and mentor junior team members.
Required Qualifications
-
Bachelor’s degree in Cybersecurity, Information Systems, Information Technology, Computer Science, or a related field, or equivalent combination of education and experience.
-
4–7 years of experience in information security, cybersecurity compliance, risk management, security assessment, or a related role.
-
Demonstrated experience reviewing, interpreting, and assessing System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and related security authorization documentation.
-
Working knowledge of the Authorization to Operate (ATO) process and the Risk Management Framework (RMF), including security control selection, implementation, assessment, and remediation tracking.
-
Strong understanding of NIST SP 800-53, FISMA, and federal information security compliance requirements.
-
Ability to evaluate security controls and determine whether documentation and implementations adequately address federal compliance expectations.
-
Experience supporting or participating in security control assessments, risk assessments, vulnerability assessments, or compliance reviews in federal or federally aligned environments.
-
Ability to interpret technical, operational, and administrative security controls and communicate gaps, risks, and recommendations to both technical and non-technical stakeholders.
-
Familiarity with core security concepts such as access control, authentication, logging and monitoring, incident response, configuration management, contingency planning, and vulnerability management.
-
Strong written and verbal communication skills, including the ability to provide clear compliance feedback, document findings, and support partners through remediation and authorization activities.
-
Experience collaborating with system owners, ISSOs, security teams, assessors, and external partners to resolve documentation and control deficiencies.
-
Must be a U.S. citizen eligible to work in a federal environment and, if required, obtain and maintain a federal security clearance.
Preferred Qualifications
-
Experience supporting federal ATO packages for internal systems, contractor systems, or external partner systems.
-
Familiarity with reviewing and validating supporting artifacts such as control implementation statements, architecture diagrams, policies, procedures, inventories, contingency plans, incident response documentation, and vulnerability scan results.
-
Experience helping organizations prepare for or respond to security assessments, independent reviews, or authorization decisions.
-
Understanding of cloud security and compliance considerations in AWS, Azure, or GCP, including how cloud services affect control inheritance and responsibility models.
-
Familiarity with Zero Trust Architecture, identity and access management principles, and modern federal cybersecurity initiatives.
-
Experience with governance, risk, and compliance tools or authorization repositories used to manage SSPs, SARs, POA&Ms, and related artifacts.
-
Ability to balance compliance requirements with operational realities and provide practical, risk-informed guidance to external partners.
-
Experience working within or supporting federal agencies, federally funded programs, or regulated environments.
-
Relevant certifications such as CISSP, CISM, CAP, Security+, CGRC, or similar.
Clearance & Certifications
Clearance
-
Active Public Trust preferred
-
Must be a U.S. citizen and eligible to obtain or maintain a federal security clearance
Certifications (Required or Preferred)
-
CompTIA Security+ — Required (or equivalent DoD 8570/8140 baseline certification)
-
CompTIA CySA+, CEH, or GIAC GSEC — Preferred
-
Cloud security certification (AWS Associate-level or Specialty, AZ-104, or GCP Professional-level) — Preferred
-
CISSP or CAP — A plus for candidates at the upper end of the experience range
Responsibilities
-
Conduct and support review of assessment documentation that includes, vulnerability scans, penetration test reports, SSP, SAR, PIA, E-AUTH, POA&Ms, Incident Response.
-
Document technical findings, process recommendations, data governance considerations, and assessment results using clear, concise, and actionable written communication.
-
Contribute to continuous monitoring and operational support activities to help maintain the reliability, security, and compliance of data science platforms and research support systems.
-
Monitor system activity, review operational and security-related alerts, and assist with troubleshooting, incident coordination, and response activities affecting data platforms and services.
-
Assist in the development and maintenance of system security and compliance documentation, including System Security Plans (SSPs), POA&Ms, standard operating procedures, data management documentation, and other required artifacts.
-
Collaborate with program staff, system owners, data scientists, engineers, security personnel, and project managers to implement technical, security, and data stewardship requirements across extramural data science systems.
-
Support ATO (Authority to Operate) processes and related compliance efforts, including evidence collection, control validation, and coordination with stakeholders responsible for secure research computing environments.
-
Communicate technical information effectively to diverse stakeholder groups, including scientific, technical, operational, and leadership audiences, through clear written and verbal communication.
-
Support the adoption of best practices for confidentiality, integrity, and availability of data across extramural data science activities.
Skills
The ideal candidate is technically hands-on and detail-oriented, with the flexibility to move between security operations, compliance support, and client-facing deliverable production. They bring a strong foundational understanding of security requirements and frameworks and are motivated to deepen their expertise across Triple Point’s service areas — including ZTA, DevSecOps, and secure cloud and AI adoption — as they grow within the firm. They are a strong collaborator, effective communicator, and independent problem-solver eager to learn new technologies and grow their existing skills.
About Triple Point Security
Triple Point Security is a technical cybersecurity and cloud security firm that provides highly specialized services to organizations with complex, hybrid IT environments. We have experienced tremendous growth through our Zero-Trust Architecture (ZTA), DevSecOps, and secure AI adoption services and are looking to continue this momentum with our cloud service provider, technology, and teaming partners.
Our professionals possess public sector experience in the Department of Health and Human Services (HHS), Department of Defense (DOD), and Department of Justice (DOJ). They also possess private sector experience in telecommunications, finance, managed service providers, and Internet infrastructure. We combine our technical knowledge with best practices from the public and private sectors and apply them to IT security solutions and services that support our clients in achieving their business and mission objectives.