Information Security Analyst SME - Urgent Need

company banner
Judge Group, Inc.
Security, Analyst, Risk Management, Engineering, Application, Development, Micro, Analysis, Java, System, Architect, Engineer, Test, Access, Python
Full Time

Job Description

Location: Ashburn, VA
Description: Our client is currently seeking a Information Security Analyst SME. This position will be remote for the forseeable future and offer remote after Covid as well.

For immediate consideration, email your resume to Devon Owen at

The SME Cybersecurity/RMF Specialist must possess strong cybersecurity and network security skills, and will need to have a deep technical understanding of Cybersecurity practices, Risk Management Framework, and delivering secure and reliable hardware and software solutions in short sprints. Ideal candidates will work as an integral part of a highly productive team of seasoned technical professionals who thrive on supporting our customer's mission and growth objectives- responsible for designing, developing, leading, and implementing secure application and infrastructure capabilities for a variety of legacy and modernized systems and applications. Ideal candidates will work in close collaboration with software developers/engineers, quality assurance engineers, stakeholders, and end users within Agile Engineering processes. They must have a working knowledge of enterprise class information assurance requirements, and network security and survivability. Additionally, the ideal candidates will also be responsible for supporting the development of a wide spectrum of engineering artifacts that adequately, but succinctly captures system security requirements, application and network security design, and network security architecture. This position is responsible for ensuring that all assigned work activities are performed in a timely, secure, compliant and cost-effective manner while maintaining the highest quality of performance.

Strong experience with the Application Security and Development STIG

Strong experience with Micro Focus Fortify, or a Static Code Analysis tool

Understanding of Threat Models

Comprehensive knowledge of Technical Code Review (.NET code, but some Java would also be nice to have)

There is no eMASS requirement, but needs some experience with RMF as it relates to making POA&Ms and the overall process

Experience with software development / programming (preferred, but not required).

Basic responsibilities include:

Maintain Cybersecurity Program strategy

Apply information security in accordance with National/DoD/Army Directive security policy including, but not limited to, DODI 8500.01, DODI 8510.01, NIST SP 800-30, NIST 800-37, NIST 800-53a, NIST SP 800-61, NIST 800-171, AR 25-2, and AR 380-5

Assess entire system lifecycle requirements and network security impacts

Support creation of, and ensure approval for, Department of Defense (DOD) Risk Management Framework (RMF) Assess and Authorize (A&A) Process for development and sustainment projects

Support program and customer management, and government Authorizing Official (AO) for all information security status, policies, and procedures

Document DoD RMF Security Implementation Plan artifacts. Coordinate and assist development team with application artifact documentation

Assist government personnel in preparing and presenting Enterprise Mission Assurance Support System (eMASS) packages to the Control Assessor (SCA)Assess and analyze US-CERT, ACERT, and current threat environment;

Enhance - Implement Cybersecurity vulnerability/A&A hardening testing

Optimize - Cybersecurity development environment certification

Architect & Engineer security - develop security goals, capabilities, controls, and architecture

Design & Implement security - vulnerability management, build security into development

Integrate & Test Security - test patches and settings, document A&A artifacts

Validate & Verify security - validate patch status and software control status

Implement security - apply patches and security settings, performance incident handling and remediation

Maintain security posture - audit security settings, track security training, monitor threats, track reaccreditation

Enable assurance for information security during all phases of agile software development and deployment

Continuously evaluate and recommend innovative proven best business practices and tools to enhance defense-in-depth

Identify, assess, and recommend zero-day cyber threat remediation

Address Cybersecurity issues to help maintain Continuity of Operations Plan (COOP)

Assist engineers with implementing and maintaining Common Access Card (CAC) and Public Key Infrastructure (PKI) functions into existing and future application development to ensure confidentiality, integrity, and availability to mission support

Perform information security vulnerability testing and mitigate any nonconformance

Create and manage Plan of Action & Milestones (POA&M)

Implement and validate Security Technical Implementation Guide (STIG) requirements for all development and implementation projects

Understand and assist developers with static code analysis processes

Utilization of cyber and development tools, e.g. Python, PowerShell, Docker, Pentest-tools, scripting XP, etc.


Education Requirements: Bachelor's degree in technical field, experience will be considered in lieu of degree

Experience Requirements: At least 16 years of experience

Security Clearance Requirements: DoD Secret or higher


This job and many more are available through The Judge Group. Find us on the web at

Company Information

The Judge Group, celebrating its 50th anniversary, is a leading professional services firm specializing in talent, technology, and learning solutions. We consult, staff, train, and solve. Through our work we make people and organizations better. Our services are successfully delivered through a network of more than 30 offices in the United States, Canada, and India. The Judge Group serves more than 50 of the Fortune 100 and is responsible for over 9,000 professionals on assignment annually across a wide range of industries.

Dice Id : cxjudgpa
Position Id : 697721
Originally Posted : 3 months ago

Similar Positions at Judge Group, Inc.

Information Security Analyst - IV
  • Belmont, VA
  • 15 hours ago
Information Systems Security Engineer
  • Washington, DC
  • 15 hours ago
Chief Security Engineer
  • Washington, DC
  • 15 hours ago
2 Senior Systems Security Engineers
  • Crownsville, MD
  • 15 hours ago
Security Analyst
  • New York City, NY
  • 15 hours ago
Information Management Analyst
  • Jacksonville, NC
  • 15 hours ago
Associate Information Security Engineer
  • San Antonio, TX
  • 15 hours ago
Model Risk Program/Project Management
  • Bridgewater, NJ
  • 15 hours ago
Network Security Engineer - IV
  • Raleigh, NC
  • 15 hours ago
  • Cary, NC
  • 15 hours ago