Cybersecurity Analyst - Senior

By Light Professional IT Services LLC readies warfighters and federal agencies with technology and systems engineered to connect, protect, and prepare individuals and teams for whatever comes next. Headquartered in McLean, VA, By Light supports defense, civilian, and commercial IT customers worldwide.

By Light is seeking personnel to provide comprehensive support for the Defense Contract Management Agency (DCMA) Facilities Management team in the implementation and sustainment of a Computer-Aided Facility Management (CAFM) software solution. This engagement, titled "DCMA CAFM SaaS Support Services," encompasses a base year plus four option years (September 30, 2025 - September 29, 2030), and will facilitate the optimization of facility operations across DCMA's nationwide and overseas portfolio, totaling over 1.3 million square feet.

By Light will deliver a FedRAMP-approved, Impact Level 4 SaaS solution and a full spectrum of professional services, including system implementation, software development, system administration, help desk customer support, virtual and on-site training, and ongoing cybersecurity management. The CAFM system is required to streamline space planning, asset and lease tracking, capital and building operations management, and reporting, while enabling seamless integration with Autodesk and compliance with all applicable DoD cybersecurity and accessibility standards.

Lead the implementation, management, and continuous monitoring of cybersecurity controls for the DCMA Computer-Aided Facility Management (CAFM) SaaS system, ensuring full compliance with FedRAMP Moderate, DoD RMF, and NIST 800-53 standards.
• Conduct ongoing vulnerability assessments, risk analyses, and security audits of cloud and on-premises components, identifying weaknesses and formulating mitigation strategies.
• Develop and maintain cybersecurity documentation including System Security Plans (SSPs), policies, procedures, Plan of Action & Milestones (POA&Ms), and incident response plans.
• Support the development, submission, and maintenance of Authority to Operate (ATO) packages in alignment with DCMA, DoD, and federal requirements.
• Coordinate and conduct security testing (e.g., penetration tests, vulnerability scanning, compliance checks) using industry-standard tools and methodologies, documenting results and remediation actions.
• Collaborate with DevSecOps, software development, and system administration teams to ensure secure design and implementation of all technical solutions and integrations.
• Manage user access controls, account provisioning, and privileged access in compliance with least privilege and zero trust principles.
• Lead incident response efforts, performing security event investigation, analysis, and reporting; coordinate with government stakeholders to report incidents in line with contractual requirements.
• Monitor threat intelligence feeds, emerging vulnerabilities, and cyber risk advisories; provide recommendations to enhance system defenses.
• Conduct security awareness training and ensure user compliance with established security standards, policies, and procedures.

• Bachelor's Degree in Cybersecurity, Information Assurance, Computer Science, Information Systems, or a related technical field.
• Minimum 7 years' experience in cybersecurity analysis, with at least 3 years supporting FedRAMP, DoD RMF, or NIST 800-53 compliant environments.
• Proven expertise in vulnerability management, incident response, risk assessment, and compliance monitoring within cloud-based SaaS or federal IT environments.
• Direct experience supporting system assessment and authorization (ATO) processes, including development and maintenance of RMF artifacts.
• Strong knowledge of secure architecture principles, security incident management, and cloud security best practices.
• Familiarity with security tools such as Splunk, Tenable, Nessus, McAfee, or similar platforms.

• Master's Degree in Cybersecurity, Information Assurance, or a related discipline.
• Experience supporting DCMA, DoD, or other federal CAFM, asset management, or facilities management SaaS solutions.
• In-depth knowledge of Authority to Operate (ATO) and FISMA/FedRAMP accreditation processes.
• Experience with Security Technical Implementation Guides (STIGs), continuous monitoring, and penetration testing in federal environments.
• Relevant industry certifications, such as:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Cloud Security Professional (CCSP)
  • CompTIA Security
  • CASP
  • GIAC Security Essentials (GSEC) or comparable
• Experience with Section 508, ITIL Foundation, or risk management certifications.
• Background in providing security awareness and training and working within Agile or DevSecOps environments.

• U.S. citizenship required.