Cybersecurity Analyst

Strategic Staffing Solutions

Full-time

Charlotte, NC

Job description

Position: SA&A Analyst

Citizenship Required: US Citizenship

Clearance: Public Trust

Job Duration: Full-time temporary

Site: Hybrid (Bethesda, MD)


Digital Global Connectors (DGC) is seeking a technical and experienced Security Assessment & Authorization (SA&A) Analyst to oversee the development, execution, and continuous improvement of security assessment and authorization activities. The ideal candidate will have extensive experience in developing Authority to Operate (ATO) packages, implementing the Risk Management Framework (RMF), and ensuring compliance with federal standards, including NIST and FedRAMP. This role requires a deep understanding of cloud security, boundary protection, and automation in security practices, along with the ability to communicate effectively with C-suite stakeholders.


Responsibilities:

  • Lead and support Assessment and Authorization (A&A) efforts for various agency systems, including those deployed in cloud environments (AWS, Azure).
  • Guide federal clients through the ATO process for new and modernized systems, ensuring compliance with NIST standards and RMF.
  • Develop and oversee the preparation of ATO documentation, including:
    • System Security Plans (SSP)
    • Security Assessment Reports (SAR)
    • Risk Assessment Memos for Risk-Based Decisions
    • Continuous Monitoring Plans
    • Plan of Action and Milestones (POA&M) management
  • Conduct control implementation assessments and validate statements against NIST SP 800-53 requirements.
  • Test and validate security controls, identify gaps, and ensure remediation through POA&M tracking and management.
  • Create and maintain a comprehensive Risk Register, updating stakeholders on high-risk areas.
  • Facilitate Incident Response (IR) and Contingency Plan (CP) tests, providing timely updates and recommendations.
  • Lead stakeholder interviews and exit meetings to review and debrief identified findings.
  • Provide pre-submission review of ATO packages for approval by the CISO and CIO.
  • Design and implement security controls to enhance the security posture of systems and environments.
  • Perform security controls assessments on security boundaries and produce required security documentation.
  • Leverage automation and artificial intelligence (AI) technologies to enhance efficiency in A&A processes.

Desired Skills & Experience:

  • Certifications:
    • Certified Information Systems Security Professional (CISSP)
    • Certified Authorization Professional (CAP)
  • Technical Experience:
    • 5+ years of experience with A&A and FedRAMP processes, including cloud deployments (SaaS, PaaS, IaaS).
    • Experience assessing systems deployed in cloud environments (Microsoft Azure and AWS).
    • Strong expertise with NIST publications, including SP 800-53 R5, SP 800-37 R2, SP 800-137, and related frameworks.
    • Extensive knowledge of IT security policies, processes, and governance.
    • Proficiency with multiple operating systems (Windows, Linux, Solaris).
  • Key Competencies:
    • Strong understanding of control testing, control requirements, and supporting artifacts.
    • Familiarity with AI, large language models (LLM), guardrails, and automation.
    • Deep expertise in cloud security, boundary protection, asset management, and vulnerability management.
  • Other Desired Experience:
    • Prior experience with healthcare sector systems is a plus.
    • Strong oral and written communication skills, with the ability to present findings and recommendations to C-suite executives.
    • Experience leading teams in a client-facing environment.