Cybersecurity Analyst
📍 Location: Washington, DC (Onsite - 5 Days/Week)
🔒 Clearance: Active Secret required (Top Secret eligible)
💼 Type: Full-Time
About the Role
We are seeking a Cybersecurity Analyst with strong experience in ATO and RMF compliance to support a high-volume federal cybersecurity program. This role is heavily focused on leading Authorization to Operate (ATO) efforts from start to finish: owning documentation, coordinating stakeholders, and guiding systems through assessment and authorization with minimal to no hand-holding.
The ideal candidate combines deep compliance expertise with enough technical understanding of cloud and infrastructure (Azure/AWS) to confidently engage engineers, assessors, and senior leadership.
Key Responsibilities
ATO Ownership (End-to-End)
- Lead systems through the full ATO lifecycle using the NIST Risk Management Framework
- Independently manage ATO packages from initiation through authorization
- Develop and maintain:
  - System Security Plans (SSPs)
  - Security Assessment Reports (SARs)
  - Plans of Action & Milestones (POA&Ms)
- Write detailed control implementation statements aligned to NIST SP 800-53 Rev. 5
- Prepare for and support assessment boards and authorization reviews
NIST Rev. 5 & Control Implementation
- Apply and interpret NIST SP 800-53 Rev. 5 controls and baselines
- Support migration of systems from older control baselines to Rev. 5
- Collect, validate, and organize artifacts required for control implementation
- Justify control implementations to assessors and review boards
Cloud Compliance (Azure & AWS)
- Support ATO efforts for systems deployed in:
  - Microsoft Azure
  - Amazon Web Services (AWS)
- Understand cloud architecture, services, and data flows well enough to:
  - Document systems accurately
  - Translate technical configurations into compliance language
  - Partner with engineers to align cloud implementations with compliance requirements
(Note: This is not a hands-on engineering role, but it requires strong technical fluency.)
Stakeholder Engagement
- Interface directly with:
  - System Engineers & Architects
  - ISSOs / Security Teams
  - Authorizing Officials (AOs)
  - Senior leadership (CIO-level stakeholders)
- Clearly communicate requirements, gaps, and remediation actions
- Lead discussions during assessments and audits
Audit, Risk & Continuous Monitoring
- Support audits, data calls, and compliance reviews
- Identify risks, gaps, and remediation actions
- Track and manage POA&Ms to closure
- Contribute to continuous monitoring (ConMon) activities
- Support related efforts such as privacy compliance when needed
Tools & Environment
- Primary GRC Tool: Archangel (preferred)
- Familiarity with tools such as eMASS or Xacta (legacy experience acceptable)
- Exposure to SIEM tools such as Splunk is a plus
Required Qualifications
- 5+ years of experience in cybersecurity compliance / RMF / ATO support (strong candidates with slightly less experience may be considered)
- Proven ability to lead ATOs independently from start to finish
- Hands-on experience with:
  - NIST Risk Management Framework
  - NIST SP 800-53 Rev. 5
- Experience writing implementation statements and ATO documentation
- Strong understanding of cloud environments (Azure and/or AWS)
- Ability to communicate effectively with both technical and executive stakeholders
- Experience working in federal or government environments
Preferred Qualifications
- Experience with FedRAMP, CIS benchmarks, or similar frameworks
- Familiarity with Archangel
- Exposure to SIEM tools (e.g., Splunk)
- Experience supporting high-volume ATO pipelines / multiple concurrent systems
Certifications (Preferred, Not Required)
- CISSP (highly desirable)
- CAP
- CISM
- Security+ (baseline)
What Success Looks Like
- Independently drives multiple systems through ATO with minimal oversight
- Produces high-quality, audit-ready documentation
- Confidently defends control implementations to assessors
- Effectively bridges communication between engineers and compliance stakeholders
- Keeps pace with high workload and multiple concurrent ATO efforts
Ideal Candidate Profile
- Self-sufficient ("no hand-holding") and proactive
- Strong communicator who can engage senior stakeholders
- Comfortable shifting between ATO work, audits, data calls, and privacy tasks
- Technically fluent in cloud environments without being a hands-on engineer