Information Security Analyst, Information Assurance / RMF

Nationwide IT ServicesAlexandria, VA

Apply with Sonara

Automate your job search with Sonara.

Submit 10x as many applications with less effort than one manual application.¹

Reclaim your time by letting our AI handle the grunt work of job searching.

We continuously scan millions of openings to find your top matches.

Overview

Schedule

Full-time

Career level

Senior-level

Remote

Hybrid remote

Benefits

Health Insurance

Dental Insurance

Vision Insurance

Job Description

Information Security Analyst, Information Assurance/RMFActive Secret RequiredHybrid scheduleCISSP, CAP, or CISM certification requiredNationwide IT Services, NIS, is seeking an Information Security Analyst/Information Assurance/RMF for the following potential opportunity.Core Responsibilities:

Support the execution of the full cybersecurity and RMF lifecycle for DoD and Federal systems, with emphasis on security control implementation, assessment, authorization, and continuous monitoring activities.
Perform vulnerability scanning and compliance validation, including, but not limited to, ACAS scanning, STIG assessments, SCAP validation, and configuration compliance checks.
Analyze vulnerability scan results, identify false positives, assess risk severity, and support remediation planning in coordination with engineering and operations teams.
Track, document, and manage remediation activities and Plans of Action and Milestones (POA&Ms) through closure, ensuring alignment with mandated timelines and risk tolerance.
Support RMF authorization activities, including initial ATOs, ATO renewals, significant change packages, and continuous authorization (cATO) efforts.
Support and execute Information Security Continuous Monitoring (ISCM) activities, including vulnerability trend analysis, control effectiveness validation, configuration drift monitoring, and security posture reporting.
Support the implementation and monitoring of Zero Trust security principles at a system level, including identity awareness, least privilege access, and continuous validation of users, devices, and workloads.
Prepare, review, and maintain cybersecurity and authorization artifacts in eMASS, including, but not limited to:
- System Security Plans (SSPs)
- Security Assessment Reports (SARs)
- Plans of Action and Milestones (POA&Ms)
- Control implementation narratives and supporting evidence packages
Conduct security control assessments and support independent verification and validation activities.
Assist with the implementation and maintenance of security controls aligned with NIST SP 800-53 and DoD cybersecurity requirements.
Coordinate with system owners, cybersecurity engineers, and program leadership to communicate security findings, risks, and remediation status.
Support cybersecurity audits, inspections, and Cyber Operational Readiness Assessments (CORA), ensuring accurate documentation and evidence traceability.
Assist in maintaining compliance with applicable cybersecurity policies, including FISMA, DoD RMF, DoD Zero Trust guidance, and the DoD Cloud Computing Security Requirements Guide (CC SRG).

Qualifications:

Active Secret clearance required.
Five or more years of experience in information security, information assurance, or cybersecurity operations, with experience supporting RMF-based programs.
Hands-on experience performing vulnerability scanning and compliance assessments using tools such as ACAS, STIG Viewer, and SCAP Compliance Checker.
Experience supporting RMF documentation and authorization packages, including SSPs, SARs, and POA&Ms.
Working knowledge of NIST SP 800-53, NIST RMF, and DoD cybersecurity policies.
Experience using eMASS to support RMF lifecycle activities and track authorization artifacts.
Familiarity with cloud security concepts and environments such as AWS GovCloud or Microsoft Azure Government.
One or more cybersecurity certifications required, including CISSP, CCSP, CISM, and CASP+ ( Renamed SecurityX)

Preferred Qualification:

Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field.

About Nationwide IT ServicesNIS is an IT and Management consulting company that is a CVE-verified Service-Disabled Veteran- Owned Small Business. Our mission is to deliver value-added services to our customers, leveraging technology, people, and industry best practices to implement innovative solutions through our trusted employees and team members. Our benefits package includes medical, dental, and vision insurance, life and disability insurance, 401(k) plan with employer match, paid holidays, PTO (sick/vacation), commuter benefits, employee assistance program (EAP), and educational reimbursement, along with Pet Insurance. Nationwide IT Services, Inc. provides equal employment opportunities (EEO) to all qualified applicants regardless of race, color, religion, sex, national origin, sexual orientation, gender identity, genetics, disability, or protected veteran status. for the following potential opportunity.Core Responsibilities:

Support the execution of the full cybersecurity and RMF lifecycle for DoD and Federal systems, with emphasis on security control implementation, assessment, authorization, and continuous monitoring activities.
Perform vulnerability scanning and compliance validation, including, but not limited to, ACAS scanning, STIG assessments, SCAP validation, and configuration compliance checks.
Analyze vulnerability scan results, identify false positives, assess risk severity, and support remediation planning in coordination with engineering and operations teams.
Track, document, and manage remediation activities and Plans of Action and Milestones (POA&Ms) through closure, ensuring alignment with mandated timelines and risk tolerance.
Support RMF authorization activities, including initial ATOs, ATO renewals, significant change packages, and continuous authorization (cATO) efforts.
Support and execute Information Security Continuous Monitoring (ISCM) activities, including vulnerability trend analysis, control effectiveness validation, configuration drift monitoring, and security posture reporting.
Support the implementation and monitoring of Zero Trust security principles at a system level, including identity awareness, least privilege access, and continuous validation of users, devices, and workloads.
Prepare, review, and maintain cybersecurity and authorization artifacts in eMASS, including, but not limited to:
- System Security Plans (SSPs)
- Security Assessment Reports (SARs)
- Plans of Action and Milestones (POA&Ms)
- Control implementation narratives and supporting evidence packages
Conduct security control assessments and support independent verification and validation activities.
Assist with the implementation and maintenance of security controls aligned with NIST SP 800-53 and DoD cybersecurity requirements.
Coordinate with system owners, cybersecurity engineers, and program leadership to communicate security findings, risks, and remediation status.
Support cybersecurity audits, inspections, and Cyber Operational Readiness Assessments (CORA), ensuring accurate documentation and evidence traceability.
Assist in maintaining compliance with applicable cybersecurity policies, including FISMA, DoD RMF, DoD Zero Trust guidance, and the DoD Cloud Computing Security Requirements Guide (CC SRG).

Qualifications:

Active Secret clearance required.
Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field.
Five or more years of experience in information security, information assurance, or cybersecurity operations, with experience supporting RMF-based programs.
Hands-on experience performing vulnerability scanning and compliance assessments using tools such as ACAS, STIG Viewer, and SCAP Compliance Checker.
Experience supporting RMF documentation and authorization packages, including SSPs, SARs, and POA&Ms.
Working knowledge of NIST SP 800-53, NIST RMF, and DoD cybersecurity policies.
Experience using eMASS to support RMF lifecycle activities and track authorization artifacts.
Familiarity with cloud security concepts and environments such as AWS GovCloud or Microsoft Azure Government.
One or more cybersecurity certifications required, including CISSP, CCSP, CISM, and CASP+ ( Renamed SecurityX)

Automate your job search with Sonara.

Submit 10x as many applications with less effort than one manual application.

Apply with Sonara Apply manually

FAQs About Information Security Analyst, Information Assurance / RMF Jobs at Nationwide IT Services

What is the work location for this position at Nationwide IT Services?

This job at Nationwide IT Services is located in Alexandria, VA, according to the details provided by the employer. Some roles may also include multiple work locations depending on the requirement.

What pay range can candidates expect for this role at Nationwide IT Services?

Employer has not shared pay details for this role.

What employment applies to this position at Nationwide IT Services?

Nationwide IT Services lists this role as a Full-time position.

What experience level is required for this role at Nationwide IT Services?

Nationwide IT Services is looking for a candidate with "Senior-level" experience level.

What benefits are offered by Nationwide IT Services for this role?

Nationwide IT Services offers following benefits: Health Insurance, Dental Insurance, Vision Insurance, Disability Insurance, Life Insurance, Paid Holidays, Paid Vacation, Paid Sick Leave, 401k Matching/Retirement Savings, and Tuition/Education Assistance for this position. Actual benefits may vary depending on the employer's policies and employment terms.

What is the process to apply for this position at Nationwide IT Services?

You can apply for this role at Nationwide IT Services either through Sonara's automated application system, which helps you submit applications 10X faster with minimal effort, or by applying manually using the direct link on the job page.