Job Description

Zachary Piper Solutions is seeking a Security Analyst/Documentation SME with a focus on Authority to Operate (ATO) processes and documentation development, including Security System Plans (SSPs) to support the CDM Program. The Security Analyst/ ATO & Documentation SME will focus on adhering to NIST guidelines (800-37, 800-53), selecting and applying controls, and managing documentation throughout the ATO accreditation process.

Key Responsibilities:

• Lead ATO accreditation efforts, including documentation control, compliance with security controls, and the development of implementation plans.
• Collaborate on security engineering tasks and guide teams in the proper application of security controls.
• Maintain comprehensive documentation for security controls, policies, and accreditation activities.
• Conduct security assessments and audits, particularly in AWS environments.
• Provide security analysis and oversight for General Support Systems (GSS) and Major Applications, with a focus on high-complexity systems.

Qualifications:

• US citizenship with ability to obtain Public Trust Suitability
• Bachelor’s degree or 5 years of relevant experience
• Proven experience in federal cybersecurity, particularly in managing ATO documentation and processes.
• Proficiency with NIST standards, including 800-37 and 800-53, with strong knowledge of control families.
• Experience with FedRAMP processes and AWS security.
• Previous experience in a 3PAO or auditing role is a plus.
• Strong ability to manage and deliver security documentation in compliance with federal standards.
• 1 year supporting systems deployed in cloud hosting environments
• Experience with large systems and AWS environments is highly desirable.

Desired skills:

• Ability to execute agent and agentless security scans (i.e., Nessus, Burpsuite)
• Ability to evaluate code, logic, and data flows within COTS and custom applications
• Familiarity with AWS’ well architected framework
• Familiarity with Cloud-based security requirements and implementation of best practices
• Familiarity with code repositories, particularly Git/GitHub
• Relevant cybersecurity certifications including CISSP, CISM, Security+, etc.

Compensation:

Salary: $130,000- $151,000/ year

Clearance requirement: ability to obtain a Public Trust (ability to hold a higher-level security clearance for the right candidate)

Location: 100% remote, required core hours 10am-3pm EST

Benefits: health, dental, vision, 401K, etc

Key words: Security Analyst, Documentation SME, document, documents, documented, documenting, SME, Security SME, assesses, assessed, assessor, assessment, assess, assess security risks, analyze, analyzed, analyzing, analyzation, analyzes, analyze security data, develop, developed, develops, developing, development, implement, implements, implemented, implementing, implementation, implement, security strategies, protected, protects, protecting, protection, protect, technology infrastructure and data, supports, supporting, supported, attain, attaining, attained, maintain, maintaining, maintains, maintained, maintaining, authority to operate, ATO, documentation, analysis, policy compliance, execution, execute, executes, executing, executed, system security activities, understand, understands, understood, understanding, network protocols, operating systems, cybersecurity best practices, guard guarded, guards, guarding, cyber threats, assists, assisted, assisting, assistance, Assist, production-systems data management, analyzing performance, identifying problems, identify, identification, identified, identifies, developing, recommendations, recommend, recommended, recommending, cybersecurity initiatives, Collaborate, collaborated, collaborates, collaborating, collaboration, collects, collected, collecting, collect, analyze, present, presented, presents, presentation, recommendations, security posture, risks, mitigations, evaluates, evaluated, evaluating, evaluation, Evaluate, system functions, writing security control language, standard operating procedures, SOPs, SOP, Assess, system vulnerabilities, security scans, provide, provided, providing, provides, provided, courses of action recommendations, remediation support, system security awareness, monitoring, alerting, security documents, compliance, track, POA&Ms, creation to completion, Create, maintain, dashboards, inform, cyber risk posture, US citizenship, Public Trust Suitability, Bachelor’s degree, Federal cyber security domain, governance and risk management, business continuity and disaster recovery, encryption, software development security, access control, network security, secure architecture, security operations, implementing, implements, implemented, implementation, NIST RMF, writing security control responses, delivering Federal cybersecurity reporting, compliance requirements, evaluating system security posture, application level to underlying infrastructure, systems deployed in cloud hosting environments, security concepts, governing policy, compliance, communication, communicated, communicates, communicate, execute security scans, Nessus, Burpsuite, evaluate code, evaluate logic, evaluate data flows, COTS, commercial off the shelf, AWS, AWS framework, Cloud-based security requirements, code repositories, Git, GitHub, cybersecurity certifications, CISSP, CISM, Security+, accreditation SME, ATO analyst, NIST 800-37, NIST 800-53