CYBERSECURITY ANALYST
Role details
Job location
Tech stack
Job description
- Conduct and support review of assessment documentation that includes, vulnerability scans, penetration test reports, SSP, SAR, PIA, E-AUTH, POA&Ms, Incident Response.
- Document technical findings, process recommendations, data governance considerations, and assessment results using clear, concise, and actionable written communication.
- Contribute to continuous monitoring and operational support activities to help maintain the reliability, security, and compliance of data science platforms and research support systems.
- Monitor system activity, review operational and security-related alerts, and assist with troubleshooting, incident coordination, and response activities affecting data platforms and services.
- Assist in the development and maintenance of system security and compliance documentation, including System Security Plans (SSPs), POA&Ms, standard operating procedures, data management documentation, and other required artifacts.
- Collaborate with program staff, system owners, data scientists, engineers, security personnel, and project managers to implement technical, security, and data stewardship requirements across extramural data science systems.
- Support ATO (Authority to Operate) processes and related compliance efforts, including evidence collection, control validation, and coordination with stakeholders responsible for secure research computing environments.
- Communicate technical information effectively to diverse stakeholder groups, including scientific, technical, operational, and leadership audiences, through clear written and verbal communication.
- Support the adoption of best practices for confidentiality, integrity, and availability of data across extramural data science activities.
Requirements
Triple Point Security is seeking a mid-level Security Analyst to support the implementation, operation, and continuous improvement of security capabilities across our federal, state, local, and commercial client engagements. Working within a team of cybersecurity professionals, the Security Analyst will contribute to a range of activities including review of security assessments, vulnerability management, security tool deployment, and compliance support. This role is well-suited for a detail-oriented analyst with hands-on RMF security compliance experience and strong communication and collaboration skills who is looking to grow their career within a specialized, fast-moving cybersecurity consulting firm and mentor junior team members., * Bachelor's degree in Cybersecurity, Information Systems, Information Technology, Computer Science, or a related field, or equivalent combination of education and experience.
- 4-7 years of experience in information security, cybersecurity compliance, risk management, security assessment, or a related role.
- Demonstrated experience reviewing, interpreting, and assessing System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and related security authorization documentation.
- Working knowledge of the Authorization to Operate (ATO) process and the Risk Management Framework (RMF), including security control selection, implementation, assessment, and remediation tracking.
- Strong understanding of NIST SP 800-53, FISMA, and federal information security compliance requirements.
- Ability to evaluate security controls and determine whether documentation and implementations adequately address federal compliance expectations.
- Experience supporting or participating in security control assessments, risk assessments, vulnerability assessments, or compliance reviews in federal or federally aligned environments.
- Ability to interpret technical, operational, and administrative security controls and communicate gaps, risks, and recommendations to both technical and non-technical stakeholders.
- Familiarity with core security concepts such as access control, authentication, logging and monitoring, incident response, configuration management, contingency planning, and vulnerability management.
- Strong written and verbal communication skills, including the ability to provide clear compliance feedback, document findings, and support partners through remediation and authorization activities.
- Experience collaborating with system owners, ISSOs, security teams, assessors, and external partners to resolve documentation and control deficiencies.
- Must be a U.S. citizen eligible to work in a federal environment and, if required, obtain and maintain a federal security clearance.
Preferred Qualifications
- Experience supporting federal ATO packages for internal systems, contractor systems, or external partner systems.
- Familiarity with reviewing and validating supporting artifacts such as control implementation statements, architecture diagrams, policies, procedures, inventories, contingency plans, incident response documentation, and vulnerability scan results.
- Experience helping organizations prepare for or respond to security assessments, independent reviews, or authorization decisions.
- Understanding of cloud security and compliance considerations in AWS, Azure, or GCP, including how cloud services affect control inheritance and responsibility models.
- Familiarity with Zero Trust Architecture, identity and access management principles, and modern federal cybersecurity initiatives.
- Experience with governance, risk, and compliance tools or authorization repositories used to manage SSPs, SARs, POA&Ms, and related artifacts.
- Ability to balance compliance requirements with operational realities and provide practical, risk-informed guidance to external partners.
- Experience working within or supporting federal agencies, federally funded programs, or regulated environments.
- Relevant certifications such as CISSP, CISM, CAP, Security+, CGRC, or similar.
Clearance & Certifications
Clearance
- Active Public Trust preferred
- Must be a U.S. citizen and eligible to obtain or maintain a federal security clearance
Certifications (Required or Preferred)
- CompTIA Security+ - Required (or equivalent DoD 8570/8140 baseline certification)
- CompTIA CySA+, CEH, or GIAC GSEC - Preferred
- Cloud security certification (AWS Associate-level or Specialty, AZ-104, or GCP Professional-level) - Preferred
- CISSP or CAP - A plus for candidates at the upper end of the experience range, The ideal candidate is technically hands-on and detail-oriented, with the flexibility to move between security operations, compliance support, and client-facing deliverable production. They bring a strong foundational understanding of security requirements and frameworks and are motivated to deepen their expertise across Triple Point's service areas - including ZTA, DevSecOps, and secure cloud and AI adoption - as they grow within the firm. They are a strong collaborator, effective communicator, and independent problem-solver eager to learn new technologies and grow their existing skills.