ResponsibilitiesWe are seeking a highly skilled and innovative CORA/CHAP Compliance Analyst to join our team in the greater DMV area, supporting the Army National Guard.
Responsibilities
- Lead CORA and CHAP compliance assessments: evaluate security architectures, control implementations, and operational procedures against RMF, DoD, and Army requirements.
- Analyze technical artifacts, configuration baselines, risk documentation, and evidence to identify systemic compliance gaps and residual risk.
- Produce formal assessment reports, executive summaries, findings, and prioritized remediation guidance for system owners and leadership.
- Advise on corrective action prioritization, risk disposition strategies, audit readiness, and POA&M development/tracking.
- Support continuous monitoring through trend analysis, compliance metrics, and dashboard reporting to inform enterprise readiness.
- Coordinate with ISSOs/ISSMs, system owners, engineering, and program teams to validate remediation, close findings, and verify evidence.
- Maintain assessment artifacts, audit trails, and decision records to support inspections and accreditation activities.
- Mentor assessment staff and contribute to improvement of assessment methodologies, templates, and compliance workflows.
#ENOCS
QualificationsQualifications
- Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
- Clearance: Active TS/SCI clearance.
- Candidate must meet ONE of the following:
- Bachelor's degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; OR
- Relevant DoD/military training (examples: F07DZZ1; M03385G; M10395B; M223854; A-[redacted]; W-[redacted]; A-[redacted]; A-[redacted]; A-[redacted]; A-[redacted]A; A-[redacted]; A-[redacted]; A-[redacted]; A-[redacted]; A-[redacted]; A-[redacted]; A-[redacted]; A-[redacted]; A-[redacted]; A-[redacted]; A-[redacted]; A-[redacted]; A-[redacted]; DISA (451) Training (Linux/Windows); System Administrator (Intermediate) Playlist; OR
- Relevant professional certification or equivalent experience (examples: Cloud+, GICSP, GSEC, Security+, SSCP).
- Required experience and skills:
- Cybersecurity compliance, assessment, or audit experience with at least 3 years performing enterprise-level assessments in DoD or large enterprise environments.
- Deep familiarity with RMF, NIST SP 800-53, DISA STIGs/SRGs, CORA/CHAP methodologies, and evidence validation practices.
- Proven ability to produce decision-grade assessment reports, scorecards, executive briefings, and remediation plans.
- Strong analytical skills to correlate technical findings to operational risk and prioritize remediation.
- Experience with vulnerability tools, configuration baselines, eMASS/RMF workflows, and POA&M management.
- Excellent written and verbal communication for briefing senior leaders and coordinating cross-functional remediation.
- Desired:
- Prior ARNG/State/Territory assessment or CORA/CHAP experience.
- Experience advising leadership on enterprise compliance programs, sustained remediation strategies, and metrics-driven improvement.
- Familiarity with automation for evidence collection, compliance dashboards, and assessment toolchains.
#ENOCS
Target Salary Range$86,000 - $138,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.
