Cybersecurity Analyst – ISSO Support / Threat & SOC Monitoring jobs in United States
cer-icon
Apply on Employer Site
company-logo

COLSA · 1 day ago

Cybersecurity Analyst – ISSO Support / Threat & SOC Monitoring

positionCalifornia, United States
timeFull-time
remoteOnsite
seniorityMid, Senior Level

COLSA is seeking a Cybersecurity Analyst to fulfill critical ISSO responsibilities while supporting Security Operations Center (SOC) and Threat Analyst functions. The role involves maintaining cybersecurity posture, managing compliance with cybersecurity directives, and responding to incidents while providing support to the Government customer.

Cyber SecurityInformation TechnologySoftware
badNo H1BnoteU.S. Citizen Onlynote

Responsibilities

Serve as the ISSO in support of the ISO for assigned systems, ensuring full compliance with RMF, DoDI 8510.01, and NIST SP 800-53 security control baselines
Manage and maintain all RMF-related documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessment Reports (RARs), and Plan of Action and Milestones (POA&Ms)
Conduct security control assessments and facilitate ongoing authorization (ATO/ATC) activities
Work directly with system owners, administrators, and the Government cybersecurity team to ensure all security controls are properly implemented and documented
Coordinate and support all phases of the RMF lifecycle from categorization to continuous monitoring
Lead vulnerability and compliance assessments using automated tools (e.g., ACAS, STIG Viewer) and ensure all findings are remediated or tracked via POA&Ms
Participate in Configuration Control Boards (CCBs) and validate that system changes do not negatively impact security controls or the authorization boundary
Track and report on system compliance metrics, ensuring timely updates to APMS and eMASS and supporting audit readiness activities
Develop and deliver security awareness training, user role validation, and account recertification in accordance with policy
Act as liaison with Authorizing Officials (AOs), Control Assessors (CAs), and NETCOM to facilitate ATO packages and compliance reviews
Monitor and analyze security events from SIEM platforms, firewalls, IDS/IPS, and EDR tools to detect threats and abnormal activity
Support incident response activities and coordinate with local defender to assess impact, containment, and recovery actions
Document all security incidents in alignment with incident handling procedures and provide after-action reports for leadership
Ensure that incident findings are mapped back to RMF controls, and that system documentation is updated accordingly
Monitor Cyber Tasking Orders (CTOs), security bulletins, CVEs, and threat intelligence feeds for relevance to the operational environment
Analyze potential threat vectors and adversary TTPs using frameworks such as MITRE ATT&CK and translate findings into actionable security enhancements
Collaborate with stakeholders to recommend technical and policy-based countermeasures aligned with organizational risk tolerance and mission impact
Prepare detailed risk assessment reports, compliance dashboards, and security briefings for senior leadership and stakeholders
Submit timely updates and artifacts to eMASS and participate in regular cybersecurity status meetings
Provide clear, data-driven recommendations for improving system security postures and addressing identified risks
Coordinate with mission owners and developers to implement security in system development lifecycles (SDLC)
Maintain awareness and proper configuration of continuous monitoring tools including SIEMs, vulnerability scanners, and audit logging tools
Ensure tools and scripts used for compliance monitoring (e.g., RMF assessments, ACAS scans) are operating effectively and producing accurate outputs
Collaborate with system administrators to remediate security findings and improve hardening based on STIGs and best practices

Qualification

ISSO experienceNIST 800-53 knowledgeRMF lifecycle expertiseIncident responseSecurity control assessmentsVulnerability assessmentsSIEM monitoringRisk assessment reportsTraining developmentCollaborationCommunication

Required

Ability to work independently
Support system owners
Lead the documentation, authorization, and ongoing assessment of information systems
Manage and maintain all RMF-related documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessment Reports (RARs), and Plan of Action and Milestones (POA&Ms)
Conduct security control assessments and facilitate ongoing authorization (ATO/ATC) activities
Work directly with system owners, administrators, and the Government cybersecurity team to ensure all security controls are properly implemented and documented
Coordinate and support all phases of the RMF lifecycle from categorization to continuous monitoring
Lead vulnerability and compliance assessments using automated tools (e.g., ACAS, STIG Viewer) and ensure all findings are remediated or tracked via POA&Ms
Participate in Configuration Control Boards (CCBs) and validate that system changes do not negatively impact security controls or the authorization boundary
Track and report on system compliance metrics, ensuring timely updates to APMS and eMASS and supporting audit readiness activities
Develop and deliver security awareness training, user role validation, and account recertification in accordance with policy
Act as liaison with Authorizing Officials (AOs), Control Assessors (CAs), and NETCOM to facilitate ATO packages and compliance reviews
Monitor and analyze security events from SIEM platforms, firewalls, IDS/IPS, and EDR tools to detect threats and abnormal activity
Support incident response activities and coordinate with local defender to assess impact, containment, and recovery actions
Document all security incidents in alignment with incident handling procedures and provide after-action reports for leadership
Ensure that incident findings are mapped back to RMF controls, and that system documentation is updated accordingly
Monitor Cyber Tasking Orders (CTOs), security bulletins, CVEs, and threat intelligence feeds for relevance to the operational environment
Analyze potential threat vectors and adversary TTPs using frameworks such as MITRE ATT&CK and translate findings into actionable security enhancements
Collaborate with stakeholders to recommend technical and policy-based countermeasures aligned with organizational risk tolerance and mission impact
Prepare detailed risk assessment reports, compliance dashboards, and security briefings for senior leadership and stakeholders
Submit timely updates and artifacts to eMASS and participate in regular cybersecurity status meetings
Provide clear, data-driven recommendations for improving system security postures and addressing identified risks
Coordinate with mission owners and developers to implement security in system development lifecycles (SDLC)
Maintain awareness and proper configuration of continuous monitoring tools including SIEMs, vulnerability scanners, and audit logging tools
Ensure tools and scripts used for compliance monitoring (e.g., RMF assessments, ACAS scans) are operating effectively and producing accurate outputs
Collaborate with system administrators to remediate security findings and improve hardening based on STIGs and best practices

Preferred

In-depth knowledge of NIST 800-53 controls
Knowledge of RMF lifecycle steps
Familiarity with DoD cybersecurity policies (DoDI 8510.01, 8500.01, AR 25-2)

Company

COLSA

twittertwittertwitter
company-logo
COLSA's full-scale capabilities include cyber and information warfare, rapid prototyping and engineering, uncrewed systems, acquisition, logistics, studies and analysis, data science, and systems and software engineering.
dateFounded in 1980
location
Huntsville, Alabama, USA
people-size1001-5000 employees
web-link
http://www.colsa.com

Funding

Current Stage
Late Stage

Leadership Team

leader-logo
Van Corum
Deputy CEO & CFO
linkedin
leader-logo
Ivan Garcia
Chief Technology Officer
linkedin
Company data provided by crunchbase