Information Assurance & Security Analyst
Role details
Job location
Tech stack
Job description
- Monitor, assess, and ensure continuous compliance with DoD, DLA, and RMF security requirements for web-based and enterprise applications across cloud (AWS GovCloud) and on-premises environments.
- Execute and maintain continuous monitoring (ConMon) activities, including vulnerability identification, risk assessment, remediation tracking, and security posture reporting for systems and supporting infrastructure.
- Perform and support compliance activities such as ACAS vulnerability scanning, CVA assessments, CCRI preparation and execution, and internal/external security audits.
- Prepare, review, and maintain RMF artifacts, including SSPs, control implementations, risk assessments, and Plans of Action and Milestones (POA&Ms) in coordination with Government stakeholders.
- Support audit readiness and coordinate with the DLA Computer Emergency Response Team (CERT), Information Assurance personnel, and enterprise security organizations.
- Participate in configuration and change management activities to assess security impacts, support authorization decisions, and ensure traceability of approved changes.
- Support security incident response, root cause analysis, corrective actions, and reporting in accordance with DoD and DLA policies.
Application Security Support ( 50%)
- Embed with Agile/DevSecOps application teams to provide security input throughout the requirements definition, design, development, testing, and deployment lifecycle.
- Collaborate with product owners, developers, and testers to elicit and refine security and compliance requirements, ensuring alignment with RMF controls and system authorization boundaries.
- Support application-level security testing, including functional security validation, regression testing, and coordination of automated and manual security testing activities.
- Provide security guidance for the implementation, integration, and sustainment of COTS/GOTS solutions, including web applications, microservices, APIs, and data interfaces.
- Review and assess security impacts of application changes, enhancements, and technical refresh activities; recommend risk-based mitigations and security improvements.
- Participate in DevSecOps pipeline activities, supporting the integration of security scanning tools, defect tracking, and remediation workflows.
- Develop and deliver security training and awareness materials for users, developers, and support staff, including quick reference guides, job aids, and system-specific security documentation.
- Support R&D and modernization efforts, identifying opportunities to enhance application security, improve automation, and strengthen system resilience.
Requirements
Do you have a Bachelor's degree?, * Active Secret Clearance: Must possess and maintain a Secret clearance valid in DISS; eligibility for SIPR/NIPR network access required (Minimum)
- Bachelor's Degree in Cloud Engineering, Computer Science, Engineering, or Information Systems (Minimum)
Current DoDD-8140/8570 certification (Required):
- Must meet and maintain DoD 8570/8140 certification for a cyber security workforce position (e.g., Security+, CISSP, CISM, or equivalent) CompTIA Security+ CE, Technical Expertise: Proficiency in:
- Security Technical Implementation Guides (STIGs)
- Risk Management Framework (RMF) documentation and processes
- Security Content Automation Protocol (SCAP)
- Assured Compliance Assessment Solution (ACAS) scans
- Vulnerability Assessment and Command Cyber Readiness Inspections (CCRI)
System Hardening Experience: Demonstrated experience with OS hardening, patch management, and sustainment in line with DoD security policies
Database Security: Experience supporting security for Oracle databases and JAVA/J2EE web-based environments
Strong Documentation Skills: Experience supporting development of IA/cybersecurity documentation, POA&Ms, and audit artifacts
Preferred/Desired Qualifications
- Advanced (CISSP, CISM, CASP+) or equivalent cybersecurity certifications
- Bachelor's or higher in Cybersecurity, Information Assurance, Computer Science, or related field
- DHS Trusted Tester Certification (508)
- Experience supporting DoD Information Assurance/Cybersecurity programs, especially with DLA, DISA, or Combatant Commands
- Familiarity with Wildfly Elytron security framework and integrating DoD-mandated authentication solutions
- Background with cloud security (AWS) and hybrid-cloud/on-premises RMF implementation
- Demonstrated record of supporting large-scale, mission-critical web applications and data/reporting environments in DoD or similar agencies
- Experience facilitating security training and documentation for diverse audiences
- Excellent interpersonal and written/oral communication skills
Benefits & conditions
Pulled from the full job description
- Tuition reimbursement
- 401(k)
- Health insurance
- 401(k) matching
- Paid time off
- Vision insurance
- Dental insurance, * 401(k)
- 401(k) matching
- Dental insurance
- Health insurance
- Life insurance
- Paid time off
- Tuition reimbursement
- Vision insurance