🔐 Information Security Analyst (FISMA / FedRAMP)

🔐 Information Security Analyst (FISMA / FedRAMP)

Location: Hybrid – Rockville, MD or Tysons, VA (3 days onsite per week) #TS-9035

• Our client, an AWS partnered analytics organization, owns the world’s largest financial data store and runs continuous analytics on global stock data movement with the goal of being ahead of potential bad actors in the market. Highlights:
• We own the world’s largest financial store (37 petabytes and growing) and look at 155 billion financial transactions daily— more than Twitter, Visa®, PayPal and Facebook combined.
• Leading Innovator in Machine Learning/AI, Big Data, AWS, trading algorithms
• AWS- select Partner: forging one of the biggest and most unique partnerships formed with AWS.
• Deep culture of internal upskilling
• Named 2020 #1 best place to work for US organizations with up to 5k employees.

🔐 Information Security Analyst (FISMA / FedRAMP) — Hybrid | Rockville, MD / Tysons, VA

We’re seeking a motivated Information Security Analyst / Security Consultant (3–5 years experience) to join a growing security assessment & advisory team supporting federal and commercial cloud security programs. This role is ideal for someone who enjoys working directly with clients, presenting security findings, and translating NIST 800-53 controls into real-world technical implementations.

Federal/government security experience is welcome — and often a strong plus.

This position requires excellent presentation skills and comfort working in a client-facing environment.

🔎 What You’ll Do

• Support security assessments and advisory engagements aligned to FISMA & FedRAMP requirements
• Develop and maintain Security Authorization Packages, including:
• System Security Plans, Contingency Plans, Incident Response Plans, CM Plans, PIAs, SAPs & SARs
• Participate in client interviews and working sessions to gather security evidence
• Review packages for accuracy, completeness, and compliance
• Support ongoing ATO / Authorization Maintenance activities
• Analyze vulnerability scan results from tools such as:
• SentinelOne, Qualys, WebInspect, Burp Suite, IBM AppScan, AppDetective, etc.
• Contribute to security risk analysis and remediation recommendations
• Collaborate across internal delivery teams to ensure high-quality outcomes
• Present assessment findings and security recommendations to client stakeholders

✔ Must-Have Skills (3–4 of the following)

• Hands-on experience with FISMA & NIST 800-series guidelines
• (800-30, 800-37, 800-53 / 53A, 800-60, etc.)
• Strong written & verbal communication — including presentation skills (required)
• 3–5 years in Information Security / Compliance / Security Consulting
• One or more security certifications preferred:
• Security , CEH, CISSP, CAP, GSEC, CASP, CCNA/CCNP, AWS Security, etc.

⭐ Highly Preferred

• FedRAMP experience (assessment, documentation, or advisory)
• Experience with modern technologies:
• Cloud, AI, Splunk, ServiceNow, DevSecOps, or automation tooling
• Exposure to SOC 2, PCI-DSS, or RegSCI

🌎 Work Environment

• Business-casual, collaborative consulting culture
• Hybrid — offices in Rockville, MD and Tysons, VA
• Client-facing role with presentation visibility & growth opportunity