Cyber Security SME ensuring the security and compliance of enterprise cloud applications. Collaborating across teams to achieve and maintain security authorization requirements.
Responsibilities
Lead and coordinate efforts to obtain and maintain ATO/ATC for production systems, ensuring compliance with applicable security frameworks.
Partner with Development, Cloud, and DevSecOps teams to integrate security throughout the SDLC and CI/CD pipelines, ensuring secure-by-design implementations.
Review and contribute to system architectures, data flows, and Concept of Operations (CONOPS) documents to ensure alignment with Zero Trust principles and organizational security policies.
Support and track the remediation of vulnerabilities and deficiencies identified through scans, assessments, and audits; create and manage Plans of Action & Milestones (POA&Ms) as required.
Develop and maintain enterprise cybersecurity standards, guidelines, and best practices to ensure consistent implementation of security controls across all program systems.
Support ongoing assessment and authorization (A&A) activities, including risk assessments, configuration management, and continuous monitoring reporting.
Guide teams in applying Zero Trust Architecture (ZTA) principles—identity-centric access control, micro-segmentation, least privilege, and continuous validation—to all system designs and processes.
Requirements
5+ years of progressive experience in cybersecurity, with at least 3 years supporting federal ATO/ATC processes.
In-depth knowledge of NIST RMF, FedRAMP, and Zero Trust Architecture frameworks.
Experience collaborating with ISSOs, ISSMs, SCAs, and engineering teams.
Familiarity with AWS cloud environments and DevSecOps pipelines.
Strong technical understanding of network security, IAM, encryption, and vulnerability management.
Excellent communication and coordination skills.
Preferred Qualifications: CISSP, CISM, CAP, or equivalent cybersecurity certification.
Experience with containerized applications, infrastructure as code (IaC), and continuous compliance tools.
Senior Security Analyst assessing security controls and risks for governance, risk, and compliance. Collaborating with teams to strengthen security posture while ensuring compliance with frameworks like ISO 27001.
Technical Support role in industrial safety for Grifols, a global healthcare leader. Responsibilities include compliance management and operational support for industrial safety.
Senior Information Security Advisor ensuring patient data protection and implementing security frameworks at Novo Nordisk. Leading strategic initiatives to safeguard healthcare data and maintain trust across the organization.
Senior Analyst handling AMS support for SAP Security with Deloitte. Focus on troubleshooting, solution design, and team leadership in a diverse working environment.
Identity Security Specialist developing custom identity management solutions at Lincoln Electric. Leading integration with systems like Active Directory and ensuring compliance with security policies in a global context.
OT Security Consultant at Sword delivering security across operational and industrial environments. Leading assessments and improvement plans while collaborating with engineering and asset teams.
Lead cybersecurity operations for Operational Technology at NTT DATA Romania. Focus on security threat detection, response, and optimization in various customer environments.
Offensive Security Engineer at Replit leading penetration testing and security for a cloud-native platform. Focused on securing an AI-integrated system through advanced adversarial tactics and code analysis.
Network Security Engineer safeguarding enterprise infrastructure and managing security operations. Leading vulnerability remediation and driving automation within the Engineering Security Operations Team.