Senior Cybersecurity Analyst

ITility, LLC.
31 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote

Tech stack

Amazon Web Services (AWS)
Azure
Cloud Computing
Cloud Computing Security
CompTIA Security+
Computer Security
Identity and Access Management
SharePoint
Google Cloud Platform
Software Security
DevSecOps

Job description

ITility is seeking a Senior Cybersecurity Analyst to support enterprise IT and cybersecurity initiatives within a Department of Defense (DoD) environment. This role is responsible for ensuring the security, compliance, and authorization of mission-critical systems.

The ideal candidate brings deep expertise in the Risk Management Framework (RMF), DoD cybersecurity compliance, and cloud security, with a proven ability to obtain and sustain Authorizations to Operate (ATOs) while strengthening overall security posture.

RMF & Authorization Management:

  • Lead system assessments and determine appropriate accreditation pathways (ATO, IATT, Assess Only)
  • Develop and maintain System Security Plans (SSPs), Security Requirements Traceability Matrices (SRTMs), and POA&Ms
  • Manage and submit ATO packages within DoD eMASS in accordance with RMF (DoDI 8510.01, NIST SP 800-37)
  • Evaluate and validate security controls per NIST SP 800-53 / 800-53A

Security Compliance & STIG Implementation:

  • Perform DISA STIG and SRG assessments, including Application Security and Development (ASD) STIG
  • Ensure proper system categorization in accordance with NIST SP 800-60 Vol II and CNSSI 1253
  • Maintain compliance with DoD cybersecurity policies and standards

Continuous Monitoring & Risk Management:

  • Execute continuous monitoring activities aligned with NIST SP 800-137
  • Identify vulnerabilities, assess risk, and recommend mitigation strategies
  • Track and remediate findings to maintain ATO compliance and reduce cybersecurity risk

Cloud & Application Security:

  • Support the security of cloud-based systems and applications (AWS, Azure, GCP)
  • Apply secure software development principles and best practices
  • Assess and mitigate evolving threats across cloud and hybrid environments

Requirements

Do you have experience in Security Authorization?

  • U.S. Citizenship required
  • CISSP or DoD 8570 IAM Level II certification (or ability to obtain within 3 months)
  • CompTIA Security+ CE or equivalent (DoD 8570/8140 IAT II)
  • Minimum of 8 years of RMF experience within a DoD environment
  • Minimum of 5 years of working knowledge of DISA STIGs, RMF, NIST 800-53, and federal cloud compliance frameworks, and of performing STIG assessments
  • Minimum of 5 years securing or assessing cloud-based systems
  • Hands-on experience with DoD eMASS and ATO package submission

Preferred Qualifications

  • Experience supporting secure cloud environments (e.g., AWS GovCloud, Azure Government)
  • Prior experience as an Application Developer or Systems Administrator
  • Familiarity with DevSecOps and secure CI/CD pipelines
  • Experience supporting large-scale, enterprise IT programs
  • Active Secret Clearance preferred.

Work Environment

  • Required to dress appropriately for the job environment, including adherence to safety, security, and site-specific dress standards
  • Ability to sit or stand for extended periods while performing computer-based tasks
  • Requires sustained use of hands and fingers for keyboarding, writing, and operation of standard office equipment, as well as frequent verbal communication, active listening, and visual acuity to perform job responsibilities effectively
  • Occasional movement around the office, including climbing stairs
  • Ability to travel up to 15%, which may include occasional visits to client sites or government installations
