ISSO / Cybersecurity Analyst (RMF / ATO)

Job Description

Company: Clearpath Consulting Group

Location: Washington, US

Overview

Join our dynamic cybersecurity team as an ISSO / Cybersecurity Analyst specializing in Risk Management Framework (RMF) and Authority to Operate (ATO) processes. In this vital role, you will lead efforts to develop, implement, and maintain robust security strategies that safeguard our IT infrastructure and ensure compliance with federal standards. Your expertise will drive the security posture of complex systems, enabling seamless operations while managing risk effectively.
This position offers an exciting opportunity to work at the forefront of cybersecurity, leveraging cutting-edge tools and methodologies to protect critical information assets.

Responsibilities

• Lead the development, review, and maintenance of system security plans in accordance with NIST standards and RMF guidelines.

• Conduct comprehensive vulnerability assessments and vulnerability research to identify potential threats within IT infrastructure, including LAN, WAN, SAN, and cloud environments such as AWS and Google Cloud Platform.

• Manage system authorization processes by preparing documentation for Security Authorization Packages (SAPs) and coordinating with authorizing officials to obtain ATO approvals.

• Implement system hardening procedures across operating systems like Debian, CentOS, Ubuntu, openSUSE, and Windows, ensuring compliance with FIPS standards and best practices.

• Perform continuous security analysis using SIEM tools such as Splunk or SolarWinds to monitor network activity, detect threats via IDS/IPS systems like Cisco ASA or Palo Alto firewalls, and respond swiftly to incidents.

• Oversee incident response activities including incident management, incident recovery, and threat detection & response strategies to minimize impact on operations.

• Support network engineering tasks involving routing protocols (OSPF, BGP), network protocols (TCP/IP, IPsec), VPN configurations, and network support functions for LAN/WAN infrastructure.

• Collaborate with cross-functional teams on system administration tasks involving virtualization (VMware vSphere), cloud architecture (Azure, AWS), automation tools like Ansible or Terraform, and system security hardening efforts.

• Ensure compliance with relevant standards such as FISMA, PCI DSS, COBIT, ISO 27000 series (including ISO ), and FedRAMP by conducting regular audits and assessments.

• Maintain documentation related to system security plans (SSPs), open-source security configurations like SELinux or GPO policies, and network architecture diagrams.

Experience

• Proven experience in cybersecurity analysis within government or enterprise environments focusing on RMF / ATO processes.

• Strong knowledge of computer networking concepts including LAN/WAN design, routing protocols (EIGRP, OSPF), network installation/configuration, and network management tools.

• Hands-on experience with network security devices such as Cisco ISE for identity & access management; Cisco routers; firewalls including Cisco ASA; IDS/IPS systems; VPN technologies; load balancing solutions; and SIEM platforms like Splunk or SolarWinds.

• Familiarity with vulnerability management tools for vulnerability assessment & research; threat intelligence platforms; incident management frameworks; and disaster recovery planning.

• Technical proficiency in operating systems such as Windows Server environments, Linux distributions (CentOS, Debian), macOS, Android/iOS mobile platforms; along with scripting skills in Bash or PowerShell for automation tasks.

• Knowledge of cloud computing services including AWS cloud infrastructure services (IaaS/PaaS), cloud architecture best practices, and open-source tools like Terraform for infrastructure as code deployment.

• Experience working within Agile development environments using SDLC principles; familiarity with ITIL frameworks for IT governance; and adherence to cybersecurity standards such as FIPS 140-2/140-3 encryption standards.

• Ability to communicate complex technical concepts clearly to technical teams and non-technical stakeholders while maintaining meticulous documentation of security procedures. This role is perfect for motivated cybersecurity professionals eager to make a tangible impact by protecting vital information systems through innovative solutions aligned with industry-leading standards!

Pay: $70.00 – $85.00 per hour
Work Location: Hybrid remote in Washington, DC 20001

Source: BeBee