Hybrid in VA - Senior Information Security Analyst; CMMC
Listed on 2026-02-20
IT/Tech
Cybersecurity, Information Security
Overview
Job Title: Senior Information Security Analyst (CMMC - Required)
Location: Hybrid - Herndon, VA (2 days onsite weekly, but then can go to 1 day after ramp up)
Contract to Hire: Candidates must be willing to convert to FTE after contract period
Target Pay Rate During Contract: $60.00 / Hourly W2
Target Salary Range Upon Conversion: $120,000 / Annually
Benefits: This job may be eligible for medical, dental, vision, 401(k), and additional employer provided benefits.
Work Authorization: US Citizens or Green Card holders - due to government regulated work environment.
About the Role: A growing technology-focused government contractor is seeking a Senior Information Security Analyst to support their active pursuit of CMMC Level 2 compliance and strengthen their internal security program. This is a hands-on security and compliance role focused on implementing technical controls, gathering evidence, preparing for audits, and partnering directly with IT teams to ensure systems meet NIST SP 800-171, DFARS, and related cybersecurity requirements.
This analyst serves as the right hand to the Information Systems Security Officer and operates with significant autonomy in a small, highly collaborative environment.
- Implement, operate, and sustain information security controls aligned to NIST SP 800-171 and CMMC Level 2
- Configure and validate technical controls such as MFA, logging, encryption hardening and access control
- Collect, develop, validate and organize audit evidence for internal and external assessments
- Maintain and update System Security Plans (SSPs), POA&Ms, control narratives and supporting documentation
- Perform control assessments, identify gaps and drive remediation through closure
- Work directly with IT administrators to securely configure M365, Azure AD, Entra, Intune, GPO, SIEM and EDR tools
- Prepare for audits, respond to auditor questions and supply artifacts
- Support incident investigation documentation and corrective action follow-up
- Serve as an Alternate ISSO for designated systems as delegated
- Provide mentorship and task level guidance to junior analysts
- Hands-on implementation of NIST SP 800-171 and CMMC Level 2 controls
- Technical security operations experience including access control, logging, monitoring, vulnerability management, endpoint hardening and encryption
- Experience with Microsoft 365, Azure AD, Entra, Windows security, Intune, GPO and SIEM/EDR platforms
- Audit preparation and evidence development experience
- Ability to work independently in a regulated and fast-moving environment
Preferred Background:
- Experience in government contracting or Defense Industrial Base settings
- Prior ISSO, ISSM or RMF practitioner experience
- Experience in GCC High or similar secure cloud environments
- Familiarity with DFARS requirements
- Security certifications such as CISSP, CISM or CMMC RP/CCP are a plus
EEO / Compliance: Addison Group is an Equal Opportunity Employer. Addison Group provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. Addison Group complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
Reasonable accommodation is available for qualified individuals with disabilities, upon request.