ResponsibilitiesPeraton is looking to hire a Cyber Analyst in the Washington DC Metro area. This role will be a remote position. At times the role will also require travel to the Quantico client site when necessary.
What you'll do:
- Lead and execute RMF compliance activities in accordance with DoD and NIST requirements, supporting system accreditation and ATO efforts.
- Conduct STIG and SRG assessments across Windows, Linux, database, cloud, and application environments using tools such as SCC and STIG Viewer.
- Manage STIG matrices, Security Configuration Guides (SCGs), and compliance documentation.
- Analyze vulnerability scan results, develop and maintain POA&Ms, and track remediation activities to closure.
- Perform static and dynamic application security testing and source code analysis using tools such as Checkmarx, SonarQube, Burp Suite, and X-Ray.
- Investigate, prioritize, and resolve security findings identified through vulnerability scans, assessments, and continuous monitoring activities.
- Collaborate with engineering, operations, and development teams to implement effective security controls and remediation strategies.
- Create, maintain, and manage cybersecurity artifacts, including SSPs, POA&Ms, and supporting documentation within eMASS.
- Support cybersecurity audits, inspections, security assessments, and compliance reviews.
- Ensure adherence to cybersecurity best practices, DoD requirements, and evolving security standards throughout the system lifecycle.
- Contribute to security governance, continuous monitoring, and continuous improvement initiatives within an Agile/DevSecOps environment.
- Communicate effectively with technical and non-technical stakeholders to support mission and compliance objectives.
Qualifications
What you'll need:
- Education: 8 years with a BS/BA, 6 years with a MS/MA or 12 years of experience in lieu of a degree
- Proven experience in cybersecurity roles such as Cybersecurity Analyst, Cybersecurity Engineer, ISSO, ISSM, or related positions.
- Strong knowledge of the DoD Risk Management Framework (RMF), NIST 800-53 controls, STIGs, SRGs, and system accreditation processes.
- Experience supporting Authority to Operate (ATO) efforts, including development and management of RMF artifacts.
- Hands-on experience with STIG assessments, ACAS vulnerability scanning and reporting, POA&M management, SSP development, PPSM, CONOPS, and eMASS.
- Working knowledge of AWS and cloud computing environments.
- Certifications: One or more of the following certifications: CISSP (preferred), CASP+, Security+, CEH, CISA, SSCP, or GSEC.
- Clearance: Active Secret
- The candidate must be local to the Washington DC Metro area
Target Salary Range$112,000 - $179,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.
