Sharp Decisions

IT Security Analyst T3 (516)

Sharp Decisions
Herndon, VA
Contract
Hybrid
1 month ago

About the role

Hybrid on-site Herndon VA
Contract to Hire
US Citizen only
Position Summary
The Security Analyst (SA) will work as a member of the cyber team, assisting with the creation, update, and maintenance of FedRAMP required security documentation, associated artifacts, and Continuous Monitoring (CONMON) requirements — including Plan of Action and Milestones (POA&M). The SA advises stakeholders on changing regulatory, government, and Cloud/FedRAMP policies, supports risk assessments, system categorization, security authorization and accreditation activities (A&A), and validates control compliance across providers.
Required Skills
  • Understand and document information system specifications and security controls, including logical and physical diagrams, connectivity, communication, and data flow diagrams — both internal and external to the system.
  • Advise stakeholders on multiple courses of action in environments with changing unconfirmed policy (e.g., NIST RMF and DISA SRG).
  • Document courses of action and identify risk mitigation recommendations in accordance with FedRAMP requirements, company policy, and best practices, with associated benefits and drawbacks.
  • Apply enterprise security frameworks such as FISMA and NIST SP 800 toward existing cloud environment initiatives.
  • Develop and update policies and procedures to implement FedRAMP compliance as well as NIST 800-171 requirements and other DFAR clauses.
  • Understand enterprise operating environments, including security posture, application environment, and associated security controls.
  • Demonstrate familiarity with current FedRAMP, DoD, and NIST security controls and technologies, including vulnerability management capabilities.
  • Identify and assess cloud system state, including vulnerabilities, RMF package status, accreditation model, PPS compliance, and patching/CSVA mechanisms.

Key Frameworks & Standards
FedRAMP NIST SP 800 NIST RMF FISMA DISA SRG NIST 800-171 DFAR CNSS Privacy Act
Required Experience
  • Demonstrated knowledge and ability to analyze systems for cybersecurity compliance.
  • Ability to work in a fast-paced, team-oriented environment.
  • Knowledge of Federal and DoD policies and risk assessment methodologies, including FedRAMP.
  • Experience writing or executing system security documentation, authorization to operate packages, POA&Ms, and policies.
  • Experience reviewing, editing, and writing technical documents.
  • Presentation and public speaking skills required.
  • Knowledge of DISA STIGs and SRGs, Committee for National Security Systems Instructions, and the NIST Risk Management Framework.
  • Knowledge and understanding of systems and networking technologies and concepts.
  • Ability to interpret and assess network diagrams and drawings using Visio.
  • Familiarity with Testing, Development, Staging, and pre-production environments requiring cybersecurity support.
  • Knowledge of the Privacy Act.

Cyber Team  ·  FedRAMP / Cloud Security

Skills

Information TechnologyInformation Technology & Services
See more jobs in Herndon, VA