
Description
SAIC is seeking an Information System Security Analyst (ISSA) to support a critical U.S. government agency in the National Capital Region. This mid-level role focuses on executing Assessment & Authorization (A&A) activities in accordance with the NIST Risk Management Framework (RMF). The ideal candidate will be responsible for maintaining security documentation, coordinating with stakeholders, and ensuring systems meet compliance requirements for authorization to operate (ATO).
This is a great opportunity for a cybersecurity professional with hands-on experience in RMF, system security documentation, and privacy assessments, particularly those looking to deepen their expertise in a fast-paced, mission-driven federal environment. The ISSA will play a key role in supporting ISSPOs, information system owners, and platform teams through the ATO lifecycle.
Responsibilities:
- Develop and maintain project plans for Assessment & Authorization (A&A) activities.
- Create, review, and update Privacy Impact Assessments (PIAs) and Privacy Threshold Assessments (PTAs).
- Coordinate with internal teams to support security policies, procedures, and guidelines.
- Identify system security requirements and provide recommendations for effective risk mitigation.
- Develop and maintain System Security Plans (SSPs) and associated documentation.
- Review and update system boundary diagrams and technical architecture descriptions.
- Prepare and review privacy control implementation statements to ensure alignment with federal privacy standards.
- Update system documentation for parent, child, and subsystem components following approved changes.
- Schedule and lead kickoff meetings with stakeholders to initiate the ATO process for new systems.
- Serve as the primary liaison between A&A staff, system owners, and technical personnel to ensure documentation accuracy.
- Draft and maintain Interconnection Security Agreements (ISAs) for external systems with persistent VPN connections.
- Review Security Impact Analyses (SIAs) for systems joining or modifying the system boundary.
- Support system categorization and documentation in alignment with NIST SP 800-60 and FIPS 199.
Qualifications
Requirements:
- Bachelor's degree and 5+ years of relevant experience, or Master's degree and 3+ years of experience, or Ph.D. with 0+ years of experience.
- Strong knowledge of the NIST Risk Management Framework (RMF), including SP 800-37, 800-53, 800-60, 800-53A, and FIPS 199/200.
- Experience supporting federal A&A efforts and maintaining system security documentation.
- Excellent organizational, writing, and stakeholder engagement skills.
- Proficiency in Microsoft Office applications, including Word, Excel, PowerPoint, and SharePoint.
Preferred Qualifications:
- Experience using tools such as CSAM, eMASS, or other POA&M/documentation tracking systems.
- Familiarity with FedRAMP, continuous monitoring, and cloud-based system authorizations.
- Certifications such as CAP, Security+, CISSP, or CISM.
- Understanding of privacy controls and federal privacy policy requirements.
Clearance Requirement:
- All candidates must be eligible to obtain a U.S. Public Trust clearance.
**This hybrid role requires a minimum of three on-site days per week in Washington, DC.**
Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC accepts applications on an ongoing basis and there is no deadline.
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.