Information System Security Analyst/Risk Management

Information System Security Analyst/Risk Management

About The Role

We are seeking an Information System Security Analyst/Risk Management to support our federal government customer. The ISSO is responsible for ensuring the secure configuration, operation, and compliance of information systems (IS) within federal government environments. The ISSO plays a critical role in supporting the Risk Management Framework (RMF) lifecycle, maintaining Authority to Operate (ATO) status, and enforcing cybersecurity policies, procedures, and controls in accordance with NIST, FISMA, and agency-specific standards.

This is a hybrid remote position based in the Washington, D.C., Maryland, Virginia (DMV) area that will require some onsite work at the customer’s location. This position is contingent on contract award.

Responsibilities

• Serve as the primary cybersecurity point of contact for assigned information systems.
• Implement and manage security controls and procedures in accordance with NIST SP 800-53, NIST SP 800-37, and the agency’s cybersecurity framework.
• Support the system lifecycle (RMF Steps 1–6), including: System categorization; Security control selection and implementation; Security assessment preparation; POA&M tracking and remediation; Continuous Monitoring (ConMon).
• Coordinate and prepare system documentation including: System Security Plan (SSP); Security Assessment Report (SAR); Risk Assessment Reports (RAR); Incident Response Plans (IRP).
• Conduct regular security reviews, vulnerability assessments, STIG compliance checks, and audit log reviews.
• Collaborate with system owners, developers, and operations staff to ensure security is integrated into IT projects and daily operations.
• Monitor, track, and report cybersecurity metrics and compliance status to the ISSM, CISO, or agency stakeholders.
• Manage user access reviews, account recertification, and system-level security awareness training.
• Support incident response and investigation efforts when cybersecurity events are detected.
• Coordinate with external assessors, auditors, and the agency’s Authorizing Official (AO) during security evaluations.

Requirements

Required Experience and Skills

• 5–7 years of progressive experience in cybersecurity compliance and systems security in the federal government or DoD sector.
• Deep understanding of:
• NIST SP 800 53, 800 171, and Risk Management Framework (RMF).
• FedRAMP High and CMMC 2.0 Level 2/3 compliance requirements.
• POA&M management, vulnerability management tools (e.g., Tenable.sc, Nessus), and audit support.
• Hands-on experience with:
• AWS GovCloud/Azure Government security configurations.
• Secure enclave architecture, boundary defense, incident response, and continuous monitoring.
• Strong familiarity with ACAS, eMASS, HBSS, STIG Viewer, and SCAP compliance tools.
• Excellent verbal and written communication skills.
• Previous experience working at a federal government agency preferred.
• Ability to pass required Federal background screening / security check including basic and expanded investigations. Ability to obtain and maintain both government clearance and customer approval.
• Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.

Education and Training

• Bachelor’s degree in Cybersecurity, Computer Science, or Information Systems (Master’s preferred).
• Professional Certifications:
• CISSP, CASP, or CISM strongly preferred.
• Security+ CE (baseline DoD 8570 compliance).