Security Analyst

12+ months

Rockville, Maryland

Status : USC

Customer is seeking a Security Consultant to join a high-performing team delivering security assessments and advisory services to support federal and commercial clients in meeting FISMA and FedRAMP compliance requirements. This role offers the opportunity to work with modern cloud, AI, and enterprise security technologies while developing deep expertise in regulatory frameworks and risk-based security programs.

The ideal candidate will have a strong understanding of information security principles and hands-on experience translating NIST 800-53 and related guidance into practical technical and operational implementations. This individual will collaborate closely with client stakeholders, senior consultants, and internal teams to develop and maintain security authorization documentation, perform risk and compliance assessments, and help clients strengthen their security posture.

This is a client-facing role that requires strong communication, consulting, and project delivery skills, along with the ability to lead engagements and guide customers through complex regulatory and security requirements.

Responsibilities

• Develop Security Authorization Packages aligned with FISMA and FedRAMP requirements under the supervision of senior consultants.
• Create and maintain key authorization artifacts, including System Security Plans (SSP), Contingency Plans, Configuration Management Plans, Incident Response Plans, Privacy Impact Assessments, Security Assessment Plans, and Security Assessment Reports.
• Assist in reviewing Security Authorization Packages to ensure completeness, accuracy, and compliance with federal standards.
• Participate in client interviews and working sessions to gather information required for security assessments and authorization documentation.
• Ensure security documentation remains current throughout the system lifecycle.
• Analyze and interpret vulnerability scan results from tools such as SentinelOne, Qualys, AppDetective, WebInspect, IBM AppScan, and Burp Suite.
• Collaborate with clients to define risk mitigation strategies and prioritize remediation activities.
• Build strong customer relationships and serve as a trusted security advisor.
• Drive working sessions to align project scope, expectations, and timelines.
• Establish and improve security standards, procedures, and controls to minimize organizational risk.
• Support project delivery from initiation through closure, ensuring high-quality outcomes.
• Collaborate with cross-functional internal teams to ensure successful execution of security engagements.
• Stay current with evolving regulatory frameworks, cloud security, and emerging threats.

Required:

• 3 5 years of experience in information security, risk management, or compliance consulting.
• Demonstrated familiarity with FISMA and NIST 800-series frameworks, including 800-30, 800-37, 800-53, 800-53A, and 800-60.
• Strong understanding of risk assessment, control implementation, and security documentation.
• Experience supporting FedRAMP or federal security compliance initiatives.
• Excellent written and verbal communication and presentation skills.
• Ability to engage directly with clients and present technical and compliance findings.
• Strong analytical and problem-solving skills.
• Ability to work in fast-paced, client-driven environments.
• U.S. Citizenship required.

Preferred:

• Professional certifications such as CISSP, CEH, CAP, Security+, GSEC, CCNA, CCNP, CASP, or AWS certifications.
• Experience with SOC 2, PCI-DSS, Reg SCI, or other regulatory frameworks.
• Experience working in cloud environments such as AWS or Azure.
• Exposure to security tools and platforms such as Splunk and ServiceNow.
• Experience supporting AI or cloud-native security programs.
• Consulting or client-facing experience.