Requisition Number: 2020-03-004
Job Title: Security Compliance Analyst
City: Washington
State: DC

Return to list of Solutions By Design Careers

Security Compliance Analyst

Apply Now

Description/Job Summary

Solutions By Design II, LLC (SBD) is seeking a Security Compliance Analyst to join our team in support of our federal customer.  The individual in this role will join a team responsible for automating our customer’s cyber security environment.  The Analyst will support all Ongoing Authorization activities for our customer. The Analyst will also support the security activities associated with evaluating, implementing, managing security practices and continued operations of new and existing technologies across the Enterprise.

Responsibilities Include:

  • Risk Management Framework (RMF) Activities:
    • Support all activities as outlined in the NIST SP 800-37, Risk Management Framework for Information Systems and Organizations. This includes the process for managing security and privacy risk that includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring.
  • Security Authorization Documentation:
    • Initial development and, at least, annual reviews/updates of the FIPS 199, e-Authentication, Privacy Threshold Analysis (PTA)/Privacy Impact Analysis (PIA), Security Plan (SP), Contingency Plan (CP), and Contingency Plan Test (CPT), Interconnection Security Agreement (ISAs) and Memorandum of Agreement/Understanding (MOA/Us) and any other FISMA related security documentation.
  • Security Control Assessment Response:
    • Support all assessment activities by responding to interview questions as well as working with the system teams to gather appropriate evidence as directed by the SCA team.
  • Change Management:
    • Review all change requests for potential impact to the system security posture.
  • Continuous Monitoring:
    • Conduct audit log and account management reviews and update the Control Allocation Table and Trigger Accountability Log.
  • Configuration/Patch/Vulnerability Management:
    • Review scan results for the system assets, identify the respective remediation's for misconfigurations and weaknesses, and work with the system team to ensure timely implementation of fix.
  • A-123:
    • Experience with A-123 controls including Test of Design and Test of Effectiveness.
  • Have a deep understanding of Security Regulations, such as the NIST Publications and OMB Security related documents
  • Prepare documentation and materials to support the operations of FedRAMP compliance requirements throughout the organization
  • Develop briefings and presentations for Government PM and Executive Management
  • Ability to adapt to an Agile environment and provide quality, professional deliverables in a short timeframe with little to no guidance from the Government
  • Support all Security Authorization Processes, Security Control Assessments and Ongoing Authorization activities as required and as directed by the Federal Government
  • Ensure systems are properly patched and hardened according to DHS requirements
  • Assist with issues and concerns related to their assigned systems
  • Perform other duties as assigned by the Government
  • Conduct research and analysis on abnormalities and provide recommendations
  • Conduct Risk Analysis on vendors, cloud service providers, etc. as necessary to identify flaws, threats and risks in emerging IT projects, and develop technical in-depth engineering solutions to address and mitigate these risks
  • Provide technical security solutions and control implementation recommendations to the Agile Development teams based on industry best practice and Federal requirements
  • Provide, prepare, and conduct security training, as needed
  • Apply and analyze privacy laws, administrative laws, regulations and policies surrounding the Privacy Act of 1974, the E-Government Act of 2002, or the Homeland Security Act of 2002
  • Serve as a subject matter expert on controls standards such as NIST 800-53, 800-37, 800-66, and 800-171 as well as other privacy regulations
  • Work on the automation, monitoring and auditing of privacy controls for each system
  • Support security and privacy requirements for internal and external system connections
  • Support proposed collection, sharing, and maintenance of PII through privacy compliance documentation
  • Perform comprehensive document reviews (DR) on all risk management and security operations documentation, in alignment with DHS, USCIS and FISMA requirements
  • Conduct quality assurance checks to ensure that the finished documentation meets DHS, USCIS, and FISMA requirements
  • Implement a two (2) day turn around for the following artifacts: FIPS 199, E-Authentication Workbook, PTA, PIA, CP, CPT and a five (5) day turn around for the review of the Security Plan (SP)
  • Revise, edit, or update security authorization documentation and presentations
  • Create, adapt, and follow project schedules and deadlines
  • Develop a thorough understanding of the audience and the documentation required by meeting with colleagues, and working with managers to discuss technical problems
  • Research and build knowledge about products, services, technology, or concepts
  • Determine the clearest and most logical way to present information and instructions for greatest reader comprehension, and write and edit technical information accordingly
  • Prepare or commission graphics and illustrations to elaborate on or complement technical writing
  • Meet with SMEs in order to ensure that specialized topics are appropriately addressed and discussed
  • Perform other duties as assigned by the Government

Required Qualifications

  • Must be a US Citizen able to obtain a federal clearance
  • 3+ years of specialized experience in one of the following positions: Information Systems Security Officer, Information Systems Security Engineer, Information Systems Security Auditor, or Information Systems Security Manager
  • Ongoing Authorization experience is a must
  • Must have security tools experience such as Splunk, Tenable, Twistlock, etc.
  • Familiarity with Nessus scans
  • Experience working with NIST SP 800-53, RMF, FISMA, DHS and Department of Defense (DoD) STIGS and policies
  • Experience developing and drafting POA&Ms
  • Must have and maintain at least one active certification such as CASP, GSEC, GSLC, CISSP, CEH, CISM, and CISA, or other comparable certification.
  • 3+ years of experience with analyzing, assessing and implementing corrective actions based on vulnerability management tools
  • Listening skills, the ability to detect explicit and implicit needs and wants
  • Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
  • Ability to work independently and function as an integral part of the team
  • Strong analytical and problem-solving skills
  • Demonstrated interviewing and negotiation skills applicable to identifying, defining, and evaluating requirements
Apply Now
ACCESSIBILITY NOTE: SBD is committed to complying with all applicable provisions of the Americans with Disabilities Act, as amended (“ADA”), and applicable state and local laws. It is SBD’s policy not to discriminate against any qualified person or applicant with regard to any terms or conditions of employment on the basis of such individual’s disability. Consistent with this policy of non-discrimination, SBD will provide reasonable accommodations to an individual with a disability, as defined in the ADA or applicable law, who has made SBD aware of his/her disability, unless doing so would cause an undue hardship to SBD.  If you are an applicant and need a reasonable accommodation when applying for job opportunities within SBD, or request a reasonable accommodation to utilize SBD’s online employment application, please contact

EQUAL OPPORTUNITY EMPLOYER: SBD is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at SBD will be based on merit, qualifications, and abilities. SBD does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").