Information Security Analyst, Information Assurance / RMF jobs in United States
cer-icon
Apply on Employer Site
company-logo

Nationwide IT Services, Inc. ยท 12 hours ago

Information Security Analyst, Information Assurance / RMF

positionAlexandria, VA
timeFull-time
remoteHybrid
seniorityMid, Senior Level
date5+ years exp

Nationwide IT Services, Inc. is seeking an Information Security Analyst specializing in Information Assurance and RMF. The role involves supporting the execution of the full cybersecurity and RMF lifecycle for DoD and Federal systems, focusing on security control implementation, assessment, and continuous monitoring activities.

Cyber SecurityInformation ServicesInformation TechnologyManagement Consulting
badNo H1BnoteSecurity Clearance RequirednoteU.S. Citizen Onlynote

Responsibilities

Support the execution of the full cybersecurity and RMF lifecycle for DoD and Federal systems, with emphasis on security control implementation, assessment, authorization, and continuous monitoring activities
Perform vulnerability scanning and compliance validation, including, but not limited to, ACAS scanning, STIG assessments, SCAP validation, and configuration compliance checks
Analyze vulnerability scan results, identify false positives, assess risk severity, and support remediation planning in coordination with engineering and operations teams
Track, document, and manage remediation activities and Plans of Action and Milestones (POA&Ms) through closure, ensuring alignment with mandated timelines and risk tolerance
Support RMF authorization activities, including initial ATOs, ATO renewals, significant change packages, and continuous authorization (cATO) efforts
Support and execute Information Security Continuous Monitoring (ISCM) activities, including vulnerability trend analysis, control effectiveness validation, configuration drift monitoring, and security posture reporting
Support the implementation and monitoring of Zero Trust security principles at a system level, including identity awareness, least privilege access, and continuous validation of users, devices, and workloads
Prepare, review, and maintain cybersecurity and authorization artifacts in eMASS, including, but not limited to: System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), Control implementation narratives and supporting evidence packages
Conduct security control assessments and support independent verification and validation activities
Assist with the implementation and maintenance of security controls aligned with NIST SP 800-53 and DoD cybersecurity requirements
Coordinate with system owners, cybersecurity engineers, and program leadership to communicate security findings, risks, and remediation status
Support cybersecurity audits, inspections, and Cyber Operational Readiness Assessments (CORA), ensuring accurate documentation and evidence traceability
Assist in maintaining compliance with applicable cybersecurity policies, including FISMA, DoD RMF, DoD Zero Trust guidance, and the DoD Cloud Computing Security Requirements Guide (CC SRG)

Qualification

CISSPRMFNIST SP 800-53EMASSVulnerability scanningCloud securityACASSTIG ViewerSCAP Compliance CheckerCISMCCSPCASP+Information AssuranceCybersecurity policies

Required

Active Secret clearance required
Five or more years of experience in information security, information assurance, or cybersecurity operations, with experience supporting RMF-based programs
Hands-on experience performing vulnerability scanning and compliance assessments using tools such as ACAS, STIG Viewer, and SCAP Compliance Checker
Experience supporting RMF documentation and authorization packages, including SSPs, SARs, and POA&Ms
Working knowledge of NIST SP 800-53, NIST RMF, and DoD cybersecurity policies
Experience using eMASS to support RMF lifecycle activities and track authorization artifacts
Familiarity with cloud security concepts and environments such as AWS GovCloud or Microsoft Azure Government
One or more cybersecurity certifications required, including CISSP, CCSP, CISM, and CASP+ (Renamed SecurityX)

Preferred

Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or a related field

Benefits

Medical, dental, and vision insurance
Life and disability insurance
401(k) plan with employer match
Paid holidays
PTO (sick/vacation)
Commuter benefits
Employee assistance program (EAP)
Educational reimbursement
Pet Insurance

Company

Nationwide IT Services, Inc.

twittertwittertwitter
company-logo
Nationwide IT Services, Inc.
dateFounded in 2006
location
Fairfax, Virginia, USA
people-size201-500 employees
web-link
http://nw-its.com/

Funding

Current Stage
Growth Stage
Company data provided by crunchbase