{"schemaVersion":"jobsearcher.job.v1","id":"665c812a7d2d122c0b6dc43b","url":"https://jobsearcher.com/jobs/665c812a7d2d122c0b6dc43b","canonicalUrl":"https://jobsearcher.com/jobs/665c812a7d2d122c0b6dc43b","title":"FISMA Analyst","description":"CyberData Technologies, Inc., an established technology solution provider based in Herndon, Virginia, is looking to expand its growing team. We are a primary government consultant and infrastructure support contractor. Our employees are our greatest asset and we are committed to their professional development and growth. We provide competitive salaries, bonuses, generous benefit packages, and paid time off to balance work and personal commitments.\n\nTitle: FISMA Analyst\nLocation: Remote\n\nResponsibilities:\nLead and conduct multi-level (application, database, operating system, middleware, monitoring tools, and business processes) security control assessments of systems based on predefined test objectives and test plans.\nCoordinate, and track interviews with system owners, ISSOs, and administrators on operational, management, and technical processes.\nDraft Security Control Assessment Plans (SCAP) to include the scope and methodology for testing.\nDevelop test procedures and/or document recommendations for test plan modifications that improve validation of control objectives.\nAssist the assessment team obtaining, reviewing, and interpreting evidence provided to validate security controls are implemented properly and performing effectively.\nReview the security controls in the information system and its environment of operation to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements.\nWork with the Risk Management (RM) team to determine risks to the system based on vulnerability results and compensating or mitigating controls in place.\nProduce the Security Assessment Report (SAR) that documents the results of the assessment.\nProvide insight on NIST 800-53 technical controls during assessments.\nReview asset, application, and code scan results from various tools for assessed systems\nReview compliance scans against defined baselines for assessed systems.\nProvide recommendations to system owners and information system security officers (ISSOs) for remediating identified vulnerabilities.\nWrite supporting documentation for security control assessment and other risk management processes and procedures.\nProvide process improvement recommendations for day-to-day operations.\nProvide technical guidance to the RM team and other stakeholders as needed.\n\nSkills & Experience:\nMinimum of five to seven years of experience in both security control assessments, and security assessment and authorization (SA&A) activities.\nStrong Knowledge of Risk Management Framework requirements.\nKnowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws, etc.), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.\nUnderstanding of new and emerging IT and information security technologies.\nStrong knowledge of FISMA regulation, FIPS standards, NIST 800 series, NIST Special Publications and other applicable guidance.\nIn depth knowledge of processes used to assess risk and establish security requirements and documentation to ensure that information systems possess security safeguards commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.\nExpert understanding of measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. In-depth knowledge, skills, and abilities needed to enforce Information Assurance and Cybersecurity requirements, apply Information System Security (INFOSEC) methodologies and facilitate SA&A as well as continuous monitoring activities, such as vulnerability scans and security control assessments. Able to analyze and assess vulnerability scan outputs and provide feedback to CISO and system owner.\nIn-depth knowledge of information assurance levels and risk impact thresholds in meeting applicable security policies, standards and requirements to ensure that accrediting authorities have the information necessary to make an objective authorization determination based on an acceptable level of risk. Employee should be able to analyze, evaluate, and assess information system security policies, processes and procedures necessary to ensure a comprehensive multi-disciplined assessment of technical and non-technical security features and associated safeguards.\nIn-depth knowledge of System Security Plan, Contingency Plan and Testing, POA&Ms, Risk Assessment, and other security related documents. Employee should be able to assist ISSOs and/or system owners on addressing security controls and implementation methods in the SSP as well assist in contingency planning and testing, security control assessment and vulnerability scanning. Able to analyze, assess, control, determine, mitigate and manage risk within a federal management framework or within federal interest computer systems that store, process, display or transmit Personally Identifiable Information (PII). Able to identify, implement and integrate management and administrative risk methodologies for securing critical and sensitive information infrastructures and establishing standards necessary to help protect the confidentiality, maintain the integrity and ensure the availability of critical organizational computing resources.\nStrong communication and interpersonal skills with the ability to act as a resource for, provide customer service in a courteous manner to, and work effectively with diverse groups of people at various levels within an organization. Writing skills sufficient to compose and edit a variety of documents using correct spelling, grammar, and punctuation, with the ability to pay close attention to detail and proofread work carefully.\nStrong organizational skills sufficient to prioritize work and complete assignments accurately, either independently or as part of a team, under pressure of competing deadlines and with frequent interruptions, working from own initiative and/or following directions, policies, or procedures. Independently establish priorities and coordinate and complete assignments within established timeframes.\nAbility to identify customer needs and use analytical and decision-making skills to offer options and resolve problems in a variety of contexts.\nAbility to effectively communicate technical issues, identify technical gaps, and the root cause of systemic issues.\nExperience performing security control assessments against a wide variety of systems including cloud-hosted applications (i.e., SaaS, PaaS, IaaS), web applications and general support systems.\nExperience writing SARs for documenting security assessment results.\nExperience reviewing scan results from various tools and incorporating results in in the security assessment process.\nExperience providing recommendations to system owners and ISSOs for remediating vulnerabilities.\nExperience with vulnerability assessment and reporting including comprehensive understanding of Vulnerability Management methodologies and procedures.\nOperating system concepts - experience with both Windows and Linux environments.\nStrong technical, analytical, and interpersonal skills.\nAbility to work in a team-oriented environment.\nMust be self-driven and be able work independently.\nBachelor's degree in IT or related field.\nCAP, CEH, and/or CISSP certification is preferred.\n\nPrincipal applicants only. Please no agencies, 3rd party, or staffing firms.\n\nCyberData is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.","company":"Cyberdata Technologies","rawCompany":"cyberdata technologies","city":"Reston","state":"VA","isRemote":false,"isActive":false,"createdAt":"2026-04-12T21:09:21.979Z","occupations":[{"code":"15-1212.00","title":"Information Security Analysts","slug":"information-security-analysts"},{"code":"13-1199.07","title":"Security Management Specialists","slug":"security-management-specialists"},{"code":"15-1299.05","title":"Information Security Engineers","slug":"information-security-engineers"}],"industries":[{"code":"541690","title":"Other Scientific and Technical Consulting Services","slug":"other-scientific-and-technical-consulting-services"},{"code":"541512","title":"Computer Systems Design Services","slug":"computer-systems-design-services"},{"code":"541618","title":"Other Management Consulting Services","slug":"other-management-consulting-services"}],"jobPosting":{"@context":"https://schema.org","@type":"JobPosting","title":"FISMA Analyst","description":"CyberData Technologies, Inc., an established technology solution provider based in Herndon, Virginia, is looking to expand its growing team. We are a primary government consultant and infrastructure support contractor. Our employees are our greatest asset and we are committed to their professional development and growth. We provide competitive salaries, bonuses, generous benefit packages, and paid time off to balance work and personal commitments.\n\nTitle: FISMA Analyst\nLocation: Remote\n\nResponsibilities:\nLead and conduct multi-level (application, database, operating system, middleware, monitoring tools, and business processes) security control assessments of systems based on predefined test objectives and test plans.\nCoordinate, and track interviews with system owners, ISSOs, and administrators on operational, management, and technical processes.\nDraft Security Control Assessment Plans (SCAP) to include the scope and methodology for testing.\nDevelop test procedures and/or document recommendations for test plan modifications that improve validation of control objectives.\nAssist the assessment team obtaining, reviewing, and interpreting evidence provided to validate security controls are implemented properly and performing effectively.\nReview the security controls in the information system and its environment of operation to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements.\nWork with the Risk Management (RM) team to determine risks to the system based on vulnerability results and compensating or mitigating controls in place.\nProduce the Security Assessment Report (SAR) that documents the results of the assessment.\nProvide insight on NIST 800-53 technical controls during assessments.\nReview asset, application, and code scan results from various tools for assessed systems\nReview compliance scans against defined baselines for assessed systems.\nProvide recommendations to system owners and information system security officers (ISSOs) for remediating identified vulnerabilities.\nWrite supporting documentation for security control assessment and other risk management processes and procedures.\nProvide process improvement recommendations for day-to-day operations.\nProvide technical guidance to the RM team and other stakeholders as needed.\n\nSkills & Experience:\nMinimum of five to seven years of experience in both security control assessments, and security assessment and authorization (SA&A) activities.\nStrong Knowledge of Risk Management Framework requirements.\nKnowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws, etc.), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.\nUnderstanding of new and emerging IT and information security technologies.\nStrong knowledge of FISMA regulation, FIPS standards, NIST 800 series, NIST Special Publications and other applicable guidance.\nIn depth knowledge of processes used to assess risk and establish security requirements and documentation to ensure that information systems possess security safeguards commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.\nExpert understanding of measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. In-depth knowledge, skills, and abilities needed to enforce Information Assurance and Cybersecurity requirements, apply Information System Security (INFOSEC) methodologies and facilitate SA&A as well as continuous monitoring activities, such as vulnerability scans and security control assessments. Able to analyze and assess vulnerability scan outputs and provide feedback to CISO and system owner.\nIn-depth knowledge of information assurance levels and risk impact thresholds in meeting applicable security policies, standards and requirements to ensure that accrediting authorities have the information necessary to make an objective authorization determination based on an acceptable level of risk. Employee should be able to analyze, evaluate, and assess information system security policies, processes and procedures necessary to ensure a comprehensive multi-disciplined assessment of technical and non-technical security features and associated safeguards.\nIn-depth knowledge of System Security Plan, Contingency Plan and Testing, POA&Ms, Risk Assessment, and other security related documents. Employee should be able to assist ISSOs and/or system owners on addressing security controls and implementation methods in the SSP as well assist in contingency planning and testing, security control assessment and vulnerability scanning. Able to analyze, assess, control, determine, mitigate and manage risk within a federal management framework or within federal interest computer systems that store, process, display or transmit Personally Identifiable Information (PII). Able to identify, implement and integrate management and administrative risk methodologies for securing critical and sensitive information infrastructures and establishing standards necessary to help protect the confidentiality, maintain the integrity and ensure the availability of critical organizational computing resources.\nStrong communication and interpersonal skills with the ability to act as a resource for, provide customer service in a courteous manner to, and work effectively with diverse groups of people at various levels within an organization. Writing skills sufficient to compose and edit a variety of documents using correct spelling, grammar, and punctuation, with the ability to pay close attention to detail and proofread work carefully.\nStrong organizational skills sufficient to prioritize work and complete assignments accurately, either independently or as part of a team, under pressure of competing deadlines and with frequent interruptions, working from own initiative and/or following directions, policies, or procedures. Independently establish priorities and coordinate and complete assignments within established timeframes.\nAbility to identify customer needs and use analytical and decision-making skills to offer options and resolve problems in a variety of contexts.\nAbility to effectively communicate technical issues, identify technical gaps, and the root cause of systemic issues.\nExperience performing security control assessments against a wide variety of systems including cloud-hosted applications (i.e., SaaS, PaaS, IaaS), web applications and general support systems.\nExperience writing SARs for documenting security assessment results.\nExperience reviewing scan results from various tools and incorporating results in in the security assessment process.\nExperience providing recommendations to system owners and ISSOs for remediating vulnerabilities.\nExperience with vulnerability assessment and reporting including comprehensive understanding of Vulnerability Management methodologies and procedures.\nOperating system concepts - experience with both Windows and Linux environments.\nStrong technical, analytical, and interpersonal skills.\nAbility to work in a team-oriented environment.\nMust be self-driven and be able work independently.\nBachelor's degree in IT or related field.\nCAP, CEH, and/or CISSP certification is preferred.\n\nPrincipal applicants only. Please no agencies, 3rd party, or staffing firms.\n\nCyberData is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.","datePosted":"2026-04-12T21:09:21.979Z","dateModified":"2026-04-12T21:09:21.979Z","hiringOrganization":{"@type":"Organization","name":"Cyberdata Technologies","sameAs":"https://jobsearcher.com"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Reston","addressRegion":"VA","addressCountry":"US"}},"identifier":{"@type":"PropertyValue","name":"JobSearcher","value":"665c812a7d2d122c0b6dc43b"},"url":"https://jobsearcher.com/jobs/665c812a7d2d122c0b6dc43b"}}