Cyber Analyst

Responsibilities & Qualifications

RESPONSIBILITIES

• Assists with Certification & Accreditation (C&A), Authorization to Operate (ATO), and security authorization activities for DoW information systems.
• Provides administrative and technical support to the ISSM in conducting risk assessments, implementing security controls, and developing cybersecurity policies, procedures, and security plans.
• Assess cybersecurity documentation and authorization artifacts, including SSPs, POA&M's, Security Assessment Reports, Risk Assessments, Contingency Plans, Incident Response Plans, Configuration Management Plans, and supporting RMF documentation.
• Supports continuous monitoring activities and validates compliance with FISMA, RMF, and organizational cybersecurity requirements.
• Provides guidance and support in the development and maintenance of system authorization packages, hardware and software inventories, boundary diagrams, and other compliance documentation.
• Coordinates with system owners, ISSMs, ISSOs, Engineers, and Cyber Security stakeholders to support compliance requirements, remediation efforts, and authorization activities.
• Analyze cybersecurity risks, vulnerabilities, and compliance gaps and provide recommendations for remediation, risk mitigation, and risk acceptance strategies.
• Provides cybersecurity guidance and support to project teams and stakeholders to ensure security requirements are integrated into project planning and execution.
• Review and validate RMF artifacts for completeness, accuracy, and compliance prior to submission to Authorizing Officials (AO), Security Control Assessors (SCA), and cybersecurity review boards.
• Facilitate package reviews and coordinate cybersecurity approval activities through applicable governance boards, change control processes, and authorization decision points.

REQUIRED QUALIFICATIONS

• 5 years’ experience in RMF with Army or other DoW Organizations with emphasis on analyzing and accessing ATO packages.
• Knowledge of Department of War (DoW) policies, directives, and regulatory guidance in the cybersecurity field.
• Working knowledge of eMASS and DoW workflow tools.
• Knowledge and experience with technologies such as cloud computing environments, cybersecurity infrastructure, forensic analytics, and DoW Public Key Infrastructure.
• Demonstrated experience coordinating cross-functional teams consisting of cybersecurity engineers, system administrators, developers, and government stakeholders.
• Demonstrated experience managing multiple concurrent ATO packages and deliverables.
• Demonstrated ability to identify, track, and communicate ATO risks, issues, dependencies, and mitigation activities.
• Demonstrated experience preparing and presenting project status updates for ATO packages and performance metrics to senior leadership and government customers.
• Knowledge of DoW hosting environments, including cloud, on-premises, and hybrid architectures.

REQUIRED CERTIFICATION

• DoW 8570/8140 IAT Level III Baseline Certification.
  • Certified Information Systems Security Professional (CISSP) or equivalent

DESIRED QUALIFICATIONS

• Experience developing and reviewing ATO packages and RMF documentation.
• Familiarity with vulnerability management, continuous monitoring, security control assessments, and POA&M management.
• Strong written and verbal communication skills with experience producing cybersecurity documentation and executive-level reports.
• Demonstrated ability to translate security policies, implementation guidance, and requirements into effective cybersecurity engineering solutions.
• Experience with government or military setting with an emphasis on cybersecurity and compliance projects.

We are seeking a Cybersecurity Analyst to support Risk Management Framework (RMF) activities and security authorization efforts for Department of War (DoW) information systems. This role is responsible for assessing and reviewing Authorization to Operate (ATO) packages, evaluating cybersecurity documentation, and supporting compliance with RMF, FISMA, and DoW cybersecurity requirements. The successful candidate will work closely with ISSMs, ISSOs, engineers, system owners, and government stakeholders to facilitate authorization activities, manage cybersecurity risks, and ensure security controls are properly implemented and documented.

The Cybersecurity Analyst will provide support with assessment, and maintenance of RMF artifacts and authorization packages, ensuring documentation is complete, accurate, and compliant with applicable policies and standards. This position requires the ability to analyze cybersecurity risks, identify compliance gaps, coordinate remediation efforts, and support continuous monitoring activities across complex IT environments, including cloud, on-premises, and hybrid architectures.

The ideal candidate will possess extensive experience supporting DoW cybersecurity programs, managing multiple ATO efforts simultaneously, and utilizing tools such as eMASS to track authorization activities and compliance…