Job Description:

We are seeking a highly skilled and detail-oriented Cybersecurity Analyst with expertise in NIST frameworks and Risk Management Framework (RMF) to join our growing cybersecurity team. In this role, you will be responsible for ensuring the confidentiality, integrity, and availability of information systems by implementing and maintaining effective cybersecurity policies, controls, and risk management practices.

The ideal candidate will have a strong understanding of NIST standards, RMF processes, and the ability to collaborate with cross-functional teams to assess and mitigate security risks in compliance with organizational and regulatory requirements.

This position offers 1 day remote per week.

Active Secret clearance or higher required along with a DoD 8570 Information Assurance Manager Level II certification (CAP, CASP, CISM, CISSP or GSLC).

Responsibilities:

• Risk Management Framework (RMF) Implementation:
• Lead the application of the RMF process for information systems, including system categorization, security control selection, implementation, assessment, and continuous monitoring.
• Develop and maintain System Security Plans (SSPs), Risk Assessment Reports (RARs), and Plan of Action and Milestones (POA&M).
• Collaborate with system owners to achieve Authority to Operate (ATO) approvals in compliance with organizational policies.
• NIST Standards Compliance:
• Implement and align security controls based on NIST 800-53, 800-171, and other applicable standards.
• Assess and document system security against NIST standards and provide recommendations for mitigation or remediation.
• Stay updated on NIST guidance and ensure organizational compliance with evolving requirements.
• Security Assessments and Monitoring:
• Conduct vulnerability assessments, risk analyses, and penetration testing to identify security gaps and weaknesses.
• Support the deployment and configuration of security tools, including SIEM, firewalls, IDS/IPS, and endpoint protection.
• Monitor and respond to security incidents, including root cause analysis and corrective action implementation.
• Documentation and Reporting:
• Prepare and maintain security documentation, including policies, procedures, and audit reports.
• Generate and present detailed risk assessment findings and mitigation strategies to technical and non-technical stakeholders.
• Track and report on cybersecurity metrics and key performance indicators (KPIs).
• Collaboration and Training:
• Work closely with IT, compliance, and operations teams to ensure cybersecurity objectives are integrated across projects.
• Provide cybersecurity awareness training and guidance to internal teams to reduce organizational risk.

$130,000 - $155,000 a year