Mid Level Security Analyst (Hybrid)

This position is for our large software client. This person will join the Security Compliance Team who is supporting the FedRAMP and FISMA authorization of new Cloud Products and 3rd Party Applications into their various cloud environments. This team supports their commercial, corporate, and government environments.



The Security Analyst will be responsible for maintenance of the security documentation for the various environments; which may include development of the metrics / trends, input of security documentation into Xacta, assisting with the FedRAMP or FISMA authorization processes to include prep of the operations team, and documentation summary and update as required. This role serves as a mid level security analyst who assists with the security documentation and can provide thoughtful recommendations on processes and procedures, as well as implementation of security controls. This role must communicate between security, engineering, development and operations teams as required, and be able to interpret and document the results of data gathering. Key deliverables for success will be a monthly maintenance of various POAM, security documentation in Xacta is current and useful, processes and procedures are current and up to date, and assists with assurance that all FedRAMP / FISMA security controls are successfully implemented and associated security documentation is developed and implemented.



On a day to day this person will be required to:

- Gather information and implementation of the security controls through interfacing with the security engineering, operations and build teams

- Develop security documentation such as, but not limited to, System Security Plans (SSP), security plans, procedures, and processes

- Maintain, via review and update, of all security documentation

- Understand the intent of the FedRAMP security controls, FISMA security controls and communicate as needed

- Assist with the FedRAMP or FISMA authorization to include, but not limited to, prep of operations team through training and mock interviews, update documentation as required, and support FedRAMP PMO/ Agency / CISO requests

- 5+ years of Security Analyst experience

- 2+ years working in a cloud environment and FedRAMP protocols

- 4+ years with POAM spreadsheets and understanding how to collect the information for a POAM

- 4+ years with SSP's and understanding how they are written

- Experience using Telos Xacta or similar tool

- Knowledge of CSAM or EMASS

- 3+ years of experience running security assessments

- Must be comfortable going onsite in Herndon 1x per week or as needed

- Experience with Compliance and Security in a Cloud environment

- Knowledge of Privacy Act, GDPR, and other data privacy frameworks.

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.