Data Security Analyst

Amentum is a global leader in advanced engineering and innovative technology solutions, trusted by the United States and its allies to address their most significant and complex challenges in science, security and sustainability. Our people apply undaunted curiosity, relentless ambition and boundless imagination to challenge convention and drive progress. Our commitment s are underpinned by the belief that safety, collaboration and well-being are integral to success.

Headquartered in Chantilly, Virginia, we have approximately 50,000 employees in more than 70 countries across all 7 continents.

This role focuses on robust data classification, protection of sensitive data across jurisdictions, and compliance with stringent international privacy laws and government security standards (e.g., FedRAMP, FISMA, NIST, GDPR, and others). You will ensure the confidentiality, integrity, and availability of data at rest, in transit, and during processing while supporting secure cross-border data flows and government regulatory requirements. This position is

• Data Classification & Governance: Support organization-wide data classification programs tailored for international and government contexts. Coordinate and maintain classification schemas (e.g., Public, Internal, Confidential, Restricted/Sensitive, Classified) and ensure consistent tagging and handling of data in warehouses and pipelines.
• Data Warehouse Security: Implement and maintain classification-driven security controls in data warehouses (Snowflake, Redshift, Big Query, Databricks, Azure Synapse, Microsoft Fabric or on-prem solutions), including RBAC, column/row-level security, dynamic data masking, encryption at rest, and audit logging.
• International Compliance & Cross-Border Data Flows: Manage data sovereignty, localization requirements, and cross-border transfer mechanisms (Standard Contractual Clauses, Binding Corporate Rules, adequacy decisions). Ensure compliance with GDPR, LGPD, PIPL, CCPA/CPRA, and other regional regulations.
• Government & Regulatory Compliance: Support FedRAMP, FISMA, NIST 800-53, CMMC, ITAR, or equivalent government frameworks. Prepare for audits, maintain Authorization to Operate (ATO) evidence, and implement required security controls for government contracts or public sector data.
• ETL/Pipeline & Interface Security: Secure data ingestion, transformation, and movement processes with classification-aware controls. Protect interfaces (APIs, SFTP, EDI, messaging queues) using TLS, mutual authentication, encryption, and DLP policies suitable for international and government data exchanges.
• Access Management & Least Privilege: Enforce strict access controls based on data classification, user clearance levels (where applicable), and need-to-know principles. Manage privileged access and conduct regular access reviews and recertifications.
• Risk Assessment, Auditing & Monitoring: Support risk assessments, vulnerability scans, and penetration testing focused on international data flows and government environments. Monitor logs and support Cyber Security use of SIEM tools to detect threats or compliance violations.
• Incident Response & Forensics: Support security incident investigations involving data warehouses, ensuring proper handling per government and international breach notification requirements.
• Collaboration: Partner with data engineering, compliance, legal, and government stakeholders to embed security and classification into data architecture and pipelines. Advise on secure data sharing with international partners or government agencies.
• Perform other responsibilities as assigned.

• Deep knowledge of data classification frameworks and tools in regulated settings.
• Strong understanding of:
  International privacy and data protection laws (GDPR, Schrems II, etc.)
• U.S. Government standards (FedRAMP, NIST, FISMA, DoD SRG)
• Cloud security and compliance (AWS, Azure, GCP Government Cloud)
• Skill in supporting security risk assessments and forensic investigations compliant with global breach notification laws.
• Ability to translate complex international privacy and government…