Yesterday
Top Secret/SCI
Mid Level Career (5+ yrs experience)
IT - Security
Reston, VA (On/Off-Site)
The Red Gate Group is seeking a Cyber Risk Analyst to support the Defense Threat Reduction Agency (DTRA) in Reston, VA. In this role, you will serve as a trusted cybersecurity advisor, helping DoD and Intelligence Community programs cut through the noise of evolving cyber threats. By assessing risks, developing mitigation strategies, and guiding clients through the Risk Management Framework (RMF), you’ll ensure mission-critical networks and systems remain secure.
You will collaborate with engineers, SMEs, and stakeholders to evaluate technical, environmental, and personnel vulnerabilities, then translate those insights into actionable security recommendations. From developing authorization packages to delivering briefings and white papers, you will shape cyber risk strategies that protect national security. This role is an opportunity to deepen your expertise in cybersecurity while making an immediate impact on one of the nation’s most vital missions.
Key Responsibilities:
Assess cybersecurity risks for DoD and IC programs, aligning findings with applicable policies and standards.
Lead and support Assessment and Authorization (A&A) activities, including package development, artifact generation, and obtaining Authority to Operate (ATO).
Conduct system security hardening of Windows and Linux operating systems using tools such as ACAS, SCAP, STIG/SRGs, SCC, eMASS/Xacta, ESS, Prisma Cloud, Kubernetes, Rancher, and Docker.
Develop and maintain security documentation, including System Security Plans (SSPs), Security Assessment Plans (SAPs), Privacy Impact Assessments, POA&Ms, and risk assessments.
Guide clients through the RMF lifecycle, ensuring compliance with NIST and CNSSI standards.
Present findings and recommendations to leadership through white papers, briefings, and milestone reports.
Collaborate with multidisciplinary teams to integrate security into system engineering and acquisition processes.
Qualifications
Active TS/SCI clearance.
5+ years of experience working in a professional IT environment.
3+ years of experience in cybersecurity.
3+ years of experience with Assessment and Authorization (A&A) for DoD/IC programs.
Experience with security hardening of Windows and Linux systems and security tools (ACAS, SCAP, STIG/SRGs, SCC, eMASS/Xacta, ESS, Prisma Cloud, Kubernetes, Rancher, Docker).
Experience generating and maintaining A&A documentation (SSPs, SAPs, POA&Ms, risk assessments, etc.).
Knowledge of RMF processes and associated standards, including NIST SP 800-53, NIST SP 800-60, and CNSSI 1253.
IAT Level II certification (e.g., Security+).
Desired Qualifications:
Experience supporting DoD or IC cybersecurity programs.
Experience with DevSecOps, CI/CD, and Path-to-Production.
Experience with Cloud Authorization and Cloud Migration.
Experience administering Red Hat Enterprise Linux or Windows Server 2012+.
Ability to provide input to system engineering documents (TRDs, ICDs, specifications).
Strong communication skills, with the ability to explain technical issues to both technical and non-technical audiences.
Bachelor’s degree in a related field.