โ† back to jobs
> job detail
S
๐Ÿ‘ฝOther

System Security Analyst

Strategic Innovation Group LLC ยท Arlington, VA, US
// classified as
Other (Adjacent or hard to classify.)
posted
1d ago
location
Arlington, VA, US
languages
โ€”
tools
โ€”
> description

Strategic Innovation Group (SIG) is seeking multiple System Security Analysts to support the security, compliance, and risk management of production systems and applications for client programs. This role is responsible for analyzing production systems and applications to identify security vulnerabilities, documenting security requirements, and identifying the security controls and control families necessary to protect production environments. The successful candidate will inherit and manage existing Plans of Action and Milestones (POA&Ms) and security findings, develop mitigation and implementation strategies, drive remediation through structured planning and task scheduling, and provide advisory support to program-level security and development teams to strengthen control effectiveness and audit readiness.

SIG is a fast growing 8(a) government contractor based in Arlington, Virginia. We offer a broad range of technical expertise and experience in Digital Transformation, Data Management/Data Science, and Systems Modernization. At SIG, our people are our mission. Come join our team! A successful candidate will be offered the following:

  • Great work/life balance
  • Eligibility for performance-based participation in cash bonuses
  • Potential to participate in growth of the company through incentives
  • Excellent benefits, including health, dental, vision, generous PTO, a 401(k) with match, life insurance, short- and long-term disability, and a health savings account (HSA)

ESSENTIAL DUTIES AND RESPONSIBILITIES

The essential functions include, but are not limited to the following:

  • Analyze current production systems and applications to identify security vulnerabilities and risks.
  • Document security requirements for production systems and applications.
  • Identify and recommend the security controls and control families necessary to secure production environments.
  • Define and document system security boundaries in coordination with system owners and technical teams.
  • Inherit, review, and manage current Plans of Action and Milestones (POA&Ms) and prior security findings.
  • Develop mitigation and implementation strategies to remediate identified vulnerabilities and findings.
  • Build planning schedules and task timelines to drive POA&Ms toward closure.
  • Track and report POA&M status and remediation progress to stakeholders.
  • Conduct control assessments and control testing (e.g., NIST SP 800-53A) to validate control implementation and support audit readiness.
  • Perform continuous monitoring activities to sustain system authorization and ongoing control effectiveness.
  • Support audit readiness activities, including review of vendor SOC reports and third-party penetration test results.
  • Test and maintain contingency plans (ISCP/DRP/IRP) to support system resiliency.
  • Integrate automated security scanning into CI/CD pipelines and review findings with development teams.
  • Provide advisory support to program-level security teams and development teams on security best practices and compliance requirements.

REQUIRED EXPERIENCE/QUALIFICATIONS

  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (equivalent experience considered).
  • Must have a relevant certifications (e.g., Security+, CISSP, CAP, or similar) - candidates with certifications will be given priority.
  • 3+ years of relevant security analysis experience (senior candidates with more experience encouraged to apply).
  • Demonstrated experience conducting security assessments of production systems and applications.
  • Working knowledge of security control frameworks and control families (e.g., NIST SP 800-53 or equivalent).
  • Experience managing and remediating POA&Ms and security findings, including inherited/legacy findings.
  • Ability to develop mitigation and remediation plans, including task sequencing and scheduling.
  • Experience conducting formal control assessments/testing to validate control implementation.
  • Experience with continuous monitoring processes and sustaining system authorization.
  • Experience reviewing third-party/vendor risk artifacts (e.g., SOC reports, penetration test results).
  • Strong written communication skills for documenting security requirements and findings.
  • Experience advising both security and engineering/developer teams on remediation approaches.
  • Must be a US Citizen and able to obtain a Public Trust Clearance

PREFERRED EXPERIENCE/QUALIFICATIONS

  • Familiarity with Risk Management Framework (RMF) processes.
  • Experience with vulnerability scanning and reporting tools.
  • Familiarity applying security controls to Cloud applications.