Systems Security Analyst
ADG Tech Consulting, LLC.
Vienna, United States of America
25 days ago
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Compensation
$ 110KJob location
Vienna, United States of America
Tech stack
Microsoft Excel
JIRA
Decision Support Systems
Software Vulnerability Management
Information Security Management System
Cloud Platform System
Generative AI
Nessus
CIS Benchmarks
Devsecops
ServiceNow
Job description
- Serve as the security technical SME, collaborating with the delivery team project manager and leading a security team of approximately five members
- Act as the security technical SME in interactions with government project customers, ISSOs, and ISMs
- Define, implement, and manage security team processes and procedures, ensuring team understanding and compliance
- Oversee technical aspects of handling identified security weaknesses and POA&Ms from intake through remediation
- Support the development team in executing and enhancing the DevSecOps process, aligning with the customer's "security to the left" requirement
Requirements
Do you have experience in Vulnerability management?, * Extensive knowledge of federal cybersecurity governance, risk management, and continuous monitoring processes, including RMF, NIST SP 800-53, NIST CSF, A&A/C&A, POA&M management, and control validation
- Proficient in interpreting and applying security hardening standards and compliance baselines (DISA STIGs, CIS Benchmarks, CVEs), and assessing technical findings against organizational security requirements
- Skilled in vulnerability management workflows, including Tenable/Nessus scan analysis, validation of findings, identification of false positives, and translating vulnerabilities into remediation or POA&M actions
- Experienced in weakness and POA&M remediation through review of SSPs, assessment results, scans, remediation artifacts, and risk analysis in accordance with NIST and federal standards
- Capable of updating and maintaining SSP documentation for enterprise and cloud environments, including control tailoring, inheritance documentation, and alignment with RMF, FedRAMP, and federal requirements
- Proficient in managing vulnerability and POA&M workflows across CSAM/GRC, WTT/ServiceNow, Jira, and Excel, ensuring data alignment, traceability, and closure readiness
- Able to participate in security audits and assessments, interpret findings, and coordinate remediation and evidence collection for compliance and operational requirements
- Strong documentation skills, translating complex workflows into clear process diagrams, SOPs, and management-ready summaries for cross-functional teams
- Experienced in leveraging Generative AI tools to enhance cybersecurity workflows, research, documentation, and decision support, with careful attention to information sensitivity and validation
- Active CISSP certification desired, but not required