Cybersecurity Analyst

📍 Location: Washington, DC (Onsite – 5 Days/Week)

🔒 Clearance: Active Secret required (Top Secret eligible)

💼 Type: Full-Time

About The Role

We are seeking a Cybersecurity Analyst with strong experience in ATO and RMF compliance to support a high-volume federal cybersecurity program.

This role is heavily focused on leading Authorization to Operate (ATO) efforts from start to finish—owning documentation, coordinating stakeholders, and guiding systems through assessment and authorization with minimal to no hand-holding.

The ideal candidate combines deep compliance expertise with enough technical understanding of cloud and infrastructure (Azure/AWS) to confidently engage engineers, assessors, and senior leadership.

Key Responsibilities

ATO Ownership (End-to-End)

• Lead systems through the full ATO lifecycle using NIST Risk Management Framework
• Independently manage ATO packages from initiation through authorization
• Develop and maintain:
• System Security Plans (SSPs)
• Security Assessment Reports (SARs)
• Plans of Action & Milestones (POA&Ms)
• Write detailed control implementation statements aligned to NIST SP 800-53 Rev. 5
• Prepare for and support assessment boards and authorization reviews
  

NIST Rev. 5 & Control Implementation

• Apply and interpret NIST 800-53 Rev. 5 controls and baselines
• Support migration of systems from older control baselines to Rev. 5
• Collect, validate, and organize artifacts required for control implementation
• Justify control implementations to assessors and review boards
  
  

Cloud Compliance (Azure & AWS)

• Support ATO efforts for systems deployed in:
• Microsoft Azure
• Amazon Web Services (AWS)
• Understand cloud architecture, services, and data flows well enough to:
• Document systems accurately
• Translate technical configurations into compliance language
• Partner with engineers to align cloud implementations with compliance requirements (Note: This is not a hands-on engineering role, but requires strong technical fluency.)
  

Stakeholder Engagement

• Interface directly with:
• System Engineers & Architects
• ISSOs / Security Teams
• Authorizing Officials (AOs)
• Senior leadership (CIO-level stakeholders)
• Clearly communicate requirements, gaps, and remediation actions
• Lead discussions during assessments and audits
  

Audit, Risk & Continuous Monitoring

• Support audits, data calls, and compliance reviews
• Identify risks, gaps, and remediation actions
• Track and manage POA&Ms to closure
• Contribute to continuous monitoring (ConMon) activities
• Support related efforts such as privacy compliance when needed
  
  

Tools & Environment

• Primary GRC Tool: Archangel (preferred)
• Familiarity with tools such as eMASS or Xacta (legacy experience acceptable)
• Exposure to SIEM tools such as Splunk is a plus
  
  

Required Qualifications

• 5 years of experience in cybersecurity compliance / RMF / ATO support (Strong candidates with slightly less experience may be considered)
• Proven ability to lead ATOs independently from start to finish
• Hands-on experience with:
• NIST Risk Management Framework
• NIST SP 800-53 Rev. 5
• Experience writing implementation statements and ATO documentation
• Strong understanding of cloud environments (Azure and/or AWS)
• Ability to communicate effectively with both technical and executive stakeholders
• Experience working in federal or government environments
  

Preferred Qualifications

• Experience with FedRAMP, CIS benchmarks, or similar frameworks
• Familiarity with Archangel
• Exposure to SIEM tools (e.g., Splunk)
• Experience supporting high-volume ATO pipelines / multiple concurrent systems
  
  

Certifications (Preferred, Not Required)

• CISSP (highly desirable)
• CAP
• CISM
• Security (baseline)
  
  

What Success Looks Like

• Independently drives multiple systems through ATO with minimal oversight
• Produces high-quality, audit-ready documentation
• Confidently defends control implementations to assessors
• Effectively bridges communication between engineers and compliance stakeholders
• Keeps pace with high workload and multiple concurrent ATO efforts
  
  

Ideal Candidate Profile

• Self-sufficient (“no hand-holding”) and proactive
• Strong communicator who can engage senior stakeholders
• Comfortable shifting between ATO work, audits, data calls, and privacy tasks
• Technically fluent in cloud environments without being a hands-on engineer