Senior Cybersecurity Analyst

By Light Professional IT Services

full-time

Posted on: 9/30/2025

Location Type: Hybrid

Location: McLean • Virginia • 🇺🇸 United States

Visit company website

✨ AI Apply

Apply

Job Level

Senior

Tech Stack

CloudCyber SecuritySplunk

About the role

Lead the implementation, management, and continuous monitoring of cybersecurity controls for the DCMA Computer-Aided Facility Management (CAFM) SaaS system, ensuring full compliance with FedRAMP Moderate, DoD RMF, and NIST 800-53 standards
Conduct ongoing vulnerability assessments, risk analyses, and security audits of cloud and on-premises components, identifying weaknesses and formulating mitigation strategies
Develop and maintain cybersecurity documentation including System Security Plans (SSPs), policies, procedures, Plan of Action & Milestones (POA&Ms), and incident response plans
Support the development, submission, and maintenance of Authority to Operate (ATO) packages in alignment with DCMA, DoD, and federal requirements
Coordinate and conduct security testing (penetration tests, vulnerability scanning, compliance checks) using industry-standard tools and methodologies, documenting results and remediation actions
Collaborate with DevSecOps, software development, and system administration teams to ensure secure design and implementation of all technical solutions and integrations
Manage user access controls, account provisioning, and privileged access in compliance with least privilege and zero trust principles
Lead incident response efforts, performing security event investigation, analysis, and reporting; coordinate with government stakeholders to report incidents in line with contractual requirements
Monitor threat intelligence feeds, emerging vulnerabilities, and cyber risk advisories; provide recommendations to enhance system defenses
Conduct security awareness training and ensure user compliance with established security standards, policies, and procedures

Requirements

Bachelor’s Degree in Cybersecurity, Information Assurance, Computer Science, Information Systems, or a related technical field
Minimum 7 years’ experience in cybersecurity analysis
At least 3 years supporting FedRAMP, DoD RMF, or NIST 800-53 compliant environments
Proven expertise in vulnerability management, incident response, risk assessment, and compliance monitoring within cloud-based SaaS or federal IT environments
Direct experience supporting system assessment and authorization (ATO) processes, including development and maintenance of RMF artifacts
Strong knowledge of secure architecture principles, security incident management, and cloud security best practices
Familiarity with security tools such as Splunk, Tenable, Nessus, McAfee, or similar platforms
U.S. citizenship required (Special Requirements/Security Clearance)
Preferred: Master’s Degree in Cybersecurity, Information Assurance, or related discipline
Preferred: Experience supporting DCMA, DoD, or other federal CAFM, asset management, or facilities management SaaS solutions
Preferred: In-depth knowledge of Authority to Operate (ATO) and FISMA/FedRAMP accreditation processes
Preferred: Experience with STIGs, continuous monitoring, and penetration testing in federal environments
Preferred: Relevant industry certifications (CISSP, CISM, CCSP, CompTIA Security+, CASP+, GSEC)

Benefits

Medical, Dental & Vision Coverage
Wellness Program
401(k) Matching
Disability (Short Term & Long Term)
Employee Assistance Program
Life Insurance
Education & Training
Generous Leave Policy (11 Federal Holidays, PTO, and Military Leave)

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

cybersecurity analysisvulnerability managementincident responserisk assessmentcompliance monitoringsecure architecture principlessecurity incident managementcloud security best practicessystem assessment and authorizationcontinuous monitoring

Soft skills

collaborationcommunicationleadershipproblem-solvinganalytical thinking

Certifications

CISSPCISMCCSPCompTIA Security+CASP+GSEC