Senior Cybersecurity Analyst

Cyber Security Analyst – Position Description

This position is responsible for strengthening the agency’s enterprise cybersecurity posture by developing and implementing cybersecurity policy, designing secure system and network architectures, creating cybersecurity artifacts and documentation, supporting cyber incident response / mitigation, and ensuring enterprise IT environment remains aligned with Department of Defense (DoD) cybersecurity requirements and best practices. The Cyber Security Analyst will serve as a key advisor in improving overall cybersecurity strategy, helping to identify risks, mitigate vulnerabilities, and enhance the organization’s cyber resilience.

You will need significant experience and understanding of cybersecurity security architecture; and enterprise security operations; and governance, risk management, compliance (Risk Management Framework, RMF). Applicants should possess strong knowledge of DoD cybersecurity standards, National Institute of Standards and Technology (NIST) frameworks, Zero Trust Architectures, and enterprise IT security controls. Experience supporting defense-related organizations and familiarity with cybersecurity policy development and system authorization processes is highly desired.

As a Cyber Security Analyst, you will apply technical expertise and strategic thinking to analyze cybersecurity posture and prepare for cyber incident response; assist in designing secure enterprise architectures; and develop security artifacts such as SSPs, POA&Ms, ATO documentation, and other compliance packages, and. You will work closely with IT leadership, system owners, vendors, and external stakeholders to improve cybersecurity readiness and strengthen enterprise-wide security practices. You will also support IT procurement efforts by developing cybersecurity requirements and documentation for acquisition packages.

Your specific responsibilities include:

• Assess current enterprise IT environments and recommend technical, procedural, and administrative improvements to strengthen security controls.
• Conduct cybersecurity risk assessments and provide recommendations for remediation and risk mitigation.
• Design and recommend secure enterprise security architectures to improve cybersecurity posture and support Zero Trust compliance strategies.
• Draft, review, and maintain cybersecurity policies, procedures, standards, and implementation guidance aligned with DoD, NIST, and Federal cybersecurity requirements.
• Develop and maintain cybersecurity artifacts including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Authority to Operate (ATO) documentation, risk assessments, and other compliance documentation.
• Collaborate with system owners, ISSMs, ISSOs, and IT leadership to ensure compliance with RMF, DoD cybersecurity requirements, and enterprise security standards.
• Support vulnerability management efforts by reviewing findings, prioritizing remediation activities, and validating corrective actions.
• Review and evaluate new technologies, cloud services, and IT solutions for cybersecurity compliance and enterprise security alignment.
• Provide cybersecurity guidance for cloud security, identity management, endpoint security, network segmentation, and access control strategies.
• Coordinate with internal teams, vendors, and third parties to ensure cybersecurity requirements are incorporated into operational and technical processes.
• Develop executive-level reporting, dashboards, and briefings related to cybersecurity posture, compliance, and enterprise risk.
• Support incident response planning, contingency planning, and continuous improvement of cyber defense strategy.
• Assist with overall IT-related functions and other operational duties as needed.

To be successful in this position, you will bring:

• Bachelor’s degree plus seven (7) years of relevant cybersecurity experience, or a combination of education and equivalent experience.
• Strong experience in cybersecurity policy development, security architecture, and compliance documentation.
• Experience supporting DoD cybersecurity programs and applying NIST, RMF, and DoD cybersecurity frameworks.
• DoD Cyber Security Workforce (CSWF) Level II or higher certification(s).
• Has, or is eligible for, a DoD Secret level clearance.
• Must be a U.S. citizen.
• Demonstrated knowledge of enterprise cybersecurity strategy, security governance, and risk management principles.
• Strong understanding of network security, cloud security, endpoint protection, identity and access management, and security operations.
• Experience developing ATO packages and supporting authorization processes.
• Strong written and verbal communication skills with the ability to translate complex cybersecurity requirements into clear policy and actionable guidance.
• Excellent judgment, integrity, and discretion concerning proprietary, operational, and privacy-sensitive information.

In addition, preferred requirements include:

• Experience implementing Zero Trust Architectures across enterprise IT environments.
• Knowledge of cloud security technologies and platforms including FedRAMP and Gov cloud environments.
• Experience with cybersecurity compliance tools, vulnerability management platforms, and security monitoring solutions such as Splunk, Palo Alto, Prisma Cloud, Tenable Nessus, and ACAS.
• CISSP, CISM, CEH, CASP , or equivalent advanced cybersecurity certification.
• Experience supporting cybersecurity governance for federal or defense organizations.
• Familiarity with FedRAMP, IL4/IL5 cloud requirements, and enterprise cloud security controls.
• Experience developing executive briefings and cybersecurity reporting for senior leadership.
• Ability to facilitate continuous improvement across technical cybersecurity programs.

Work standards:

Interpersonal Skills:

Demonstrates the ability to work effectively with colleagues, senior leadership, clients, and external organizations while balancing mission requirements and cybersecurity priorities.

Demonstrate ability to follow instructions:

Works effectively under strategic guidance from IT leadership and cybersecurity leadership while independently managing complex cybersecurity initiatives.

Work Location:

Remote work is authorized for this position, with periodic in-person (by travel) support for mission requirements, meetings, and collaboration as needed.

Pay: $160,000.00 - $170,000.00 per year

Benefits:

• 401(k)
• 401(k) matching
• Dental insurance
• Health insurance
• Health savings account
• Paid time off
• Vision insurance

Education:

• Bachelor's (Required)

Experience:

• Cybersecurity: 7 years (Required)
• cybersecurity policy development: 5 years (Required)
• NIST standards: 5 years (Required)
• implementing Zero Trust Architectures: 5 years (Required)
• FedRAMP: 5 years (Required)
• DoD: 5 years (Required)

License/Certification:

• CISSP (Preferred)
• CISM (Preferred)
• CEH (Preferred)
• DoD Cyber Security Workforce (CSWF Level II or higher) (Required)

Security clearance:

• Secret (Required)

Work Location: Hybrid remote in Alexandria, VA 22350

Salary : $160,000 - $170,000