Job Description

Job Title: IT Security Specialist / Cybersecurity Analyst

Location: Remote / Telework

Duration: Long-Term Contract

We are seeking a detail-oriented and proactive IT Security Specialist/ Cybersecurity Analyst to support enterprise application security and ensure ongoing compliance with federal cybersecurity standards. The ideal candidate will lead vulnerability assessments , manage Authorization to Operate (ATO) documentation, and collaborate with cross-functional teams to implement and monitor secure software deployment practices.

This role is crucial to maintaining the security posture of mission-critical systems in accordance with NIST , FIPS , and GSA security policies.

• Ensure systems meet federal cybersecurity and compliance requirements , including NIST , FIPS , and GSA policies.
• Conduct and oversee vulnerability assessments using approved scanning tools and coordinate remediation plans.
• Maintain and update ATO documentation , including System Security Plans (SSP) , Plan of Action and Milestones (POA&M) , and Security Assessment Reports (SAR) .
• Collaborate with ISSO/ISSM on incident response, reporting, and risk assessments.
• Participate in security audits, readiness assessments, and compliance reviews.
• Work closely with development and infrastructure teams to integrate security into the CI/CD pipeline and ensure secure code deployment.

• Strong knowledge of federal security standards including:
  • NIST SP 800-53 , NIST SP 800-37 , FIPS 140-2/3
  • FedRAMP and A&A (Assessment & Authorization) processes
• Experience managing and remediating vulnerabilities using tools such as Nessus , Qualys , or OpenVAS
• Familiarity with GSA IT Security Policies , FISMA , and Continuous Monitoring (ConMon)
• Understanding of security documentation and compliance artifacts (e.g., SSP, POA&M, SAR, Risk Assessment)
• Strong verbal and written communication skills for interfacing with technical and non-technical stakeholders

• Experience with cloud-based security environments (AWS, Azure, or GCP)
• Knowledge of SIEM tools and security logging/monitoring practices
• Relevant certifications such as Security+ , CISSP , CEH , or CAP

Job Tags

Similar Jobs