System Security Analyst (FedRamp)

System Security Analyst (FedRAMP/FISMA)

About the Role

Join the team as a Senior System Security Analyst and play a critical role in securing the future of our cloud offerings. You will be the essential link responsible for driving and achieving FedRAMP and FISMA authorizations for new Cloud Products and Third-Party Applications across various cloud environments (including commercial, FedRAMP, and DOD).

This is a technical, hands-on position where you will bridge the gap between our Security, Engineering, Build, and Operations teams. You will gather critical technical control implementation details and translate them into accurate, high-quality security documentation, including System Security Plans (SSPs) . If you are a self-motivated expert who thrives on ensuring continuous compliance, performing in-depth analysis, and making thoughtful security recommendations, this position offers high impact and autonomy.

What You'll Do (Key Responsibilities)

Authorization & Documentation Leadership

• Lead and support all aspects of the FedRAMP and FISMA authorization process, including preparing Engineering, Build, and Operations teams through training and mock interviews.

• Serve as the primary liaison for security-related data gathering, working directly with technical teams to accurately document security control implementation in the SSP.

• Develop, update, and manage essential security documentation, including System Security Plans (SSPs), policies, procedures, and technical implementation language.

• Conduct thorough Security Impact Analyses for changes to the environment and provide expert, actionable recommendations to senior management.

• Interpret and communicate the intent of FedRAMP Moderate and FISMA security controls to technical and non-technical stakeholders.

Security Assessment & Monitoring

• Configure, execute, and perform in-depth analysis of vulnerability scans using industry tools (e.g., Nessus/Security Center, WebInspect).

• Evaluate vulnerability scan data and control implementation to identify risks and suggest robust remediation strategies.

• Identify and assess the security posture of cloud systems, including RMF package status, patching compliance, and Cyber Security Vulnerability Assessment (CSVA) mechanisms.

• Support ongoing activities and effectively respond to customer/Agency inquiries regarding compliance status.

Technical Analysis & Communication

• Interpret and assess complex technical artifacts, including network diagrams (Visio), logical/physical system diagrams, and data flow diagrams.

• Utilize tools such as Splunk to execute queries, search, and review data for security impact analysis and continuous monitoring.

• Prepare and deliver clear, concise written and oral presentations of complex technical material to all levels of IT and business management.

What You'll Bring (Required Qualifications)

• Experience: Minimum 5 years of experience in Information Technology, with a strong focus on Information Security, Security Engineering, or a related technical discipline.

• Government Framework Expertise: Proven, hands-on experience with FedRAMP and/or other government authorization processes (e.g., FISMA, DOD), and a deep understanding of the NIST Risk Management Framework (RMF) and NIST 800-53 controls.

• Vulnerability Management: Direct experience in the execution and detailed analysis of vulnerability scans using industry-standard tools (e.g., Nessus/Security Center, WebInspect).

• Technical Documentation: Demonstrated ability to document information system specifications and security controls.

• Communication: Excellent communication skills and the proven ability to work effectively with cross-functional teams (Security, Engineering, and Operations).

• Education: Bachelor’s Degree in Computer Science, MIS, Information Technology, or equivalent professional experience.

Bonus Points (Desired Skills & Certifications)

• Cloud Technologies: Experience with major Cloud Service Providers, specifically AWS and Azure .

• Security Certifications: Professional certifications such as ISC CISSP , ISACA CISM , or equivalent.

• Security Architecture: Experience in developing, evaluating, and implementing information security architectures, technologies, and best practices.

• Tooling: Familiarity with Splunk for security data analysis.