123 Security Analyst jobs in the United States

Job Description

Sr Security Analyst/Vulnerability Management Lead

Bethesda, MD

AAC is seeking Senior Security Analyst / Vulnerability Management Lead to join our security compliance team. In this role, you will work closely with the Information Systems Security Officer (ISSO) and play a critical part in safeguarding organization’s IT infrastructure. You will be part of a broader IT program that provides end-to-end support—including help desk, systems, network, incident response and security services—ensuring the availability, integrity, and confidentiality of mission-critical systems.

The position requires on-site presence 3 to 5 days per week. The on-site requirements are subject to change based on the needs and requirements of the organization.

Responsibilities include, but are not limited to:
• Lead the agency’s vulnerability management lifecycle using Tenable.sc, Tenable.io, Nessus Manager, and Nessus scanners (on-prem and cloud).
• Analyze, prioritize, and track remediation of vulnerabilities in coordination with IT operations and system owners.
• Maintain scan schedules, asset groups, scan policies dashboards, and reports tailored to agency infrastructure and communicate risk posture and remediation progress to relevant infrastructure, application, and cloud teams to remediate vulnerabilities.
• Define the scanner and security center architecture, refine data flows and synchronizations, tune scanning configurations to minimize false positives and ensure the best coverage.
• Develop and maintain documentation for system setup, operation, vulnerability management processes, exceptions, and remediation tracking.
• Support implementation of security projects that require compliance with relevant government policies or standards.
• Act as SME for vulnerability management tools and processes.
• Ensure systems and practices comply with FISMA and FedRAMP related Security Assessment and Authorization (SA&A) and compliance for the organization’s IT programs.
• Assist in coordination, implementation, communication, and enforcement of the organization’s IT security policies.
• Support incident response.

Requirements:
• Requires bachelor’s degree in computer science, cyber security, engineering, or a related technical field. Additional experience and relevant certifications may be considered in leu of a degree.
• 5-7 years of progressive and related experience in IT security with at least 3 years in vulnerability management.
• Expert knowledge of IT security vulnerabilities and risk assessments with the ability to explain the risks associated with them to executives, program, and technology staff.
• Expert knowledge of Tenable.sc (on-prem) and Tenable.io (cloud).
• Strong knowledge of vulnerability management lifecycle, patch management, and risk scoring (e.g., CVSS2).
• Familiarity with cloud platforms (AWS and GCP) and hybrid environments.
• Understanding of Windows, Linux/Unix, and network devices security hardening.
• Ability to work with program staff, executives, security application vendors and technology staff to achieve IT security goals and objectives.
• Experience developing and maintaining Security Assessment and Authorization (SA&A) documentation for large IT systems for the Federal Government.
• Excellent working experience in applying FISMA, and FedRAMP processes and policies to information systems.
• Experience with Checkmarx and Checkmarx One (SaaS). Migration experience to Checkmarx One is desirable.
• Strong communication skills (both technical and non-technical) and ability to collaborate across IT, security, and business units.
• Ability to effectively communicate orally and in writing.
• Experience supporting a nationwide mid-to large Federal agency enterprise is a plus.
• CISSP certification required (or ability to obtain within 6 months of start).
• Must be able to obtain an agency suitability clearance prior to start.

Desired Qualifications:
• Experience with scripting and automation (e.g., Python, PowerShell) to automate scanning tasks, reporting, and API integrations; administration and operation of security scanning and vulnerability management platforms such as Nessus.
• Deep expertise with SIEM platforms and integration of vulnerability data into enterprise monitoring.
• Understanding of the Secure Software Development Life Cycle.
• Master’s degree or additional security or cloud certifications (e.g., CISM).

AAC Inc. is a veteran owned company and was founded in 1983 in Vienna, VA. AAC Inc has 100 total employees at client sites across the U.S. Since 1983, AAC has assisted our customers to transform and modernize their enterprise architecture, processes, applications, and infrastructure, with the focus on Cloud, Cyber, Enterprise IT, Systems Engineering and United Communication Services. Our mission remains to provide innovative and cost-effective technology-based solutions to meet our customer’s mission and business requirements. Our ability to deliver across the full scope of requirements, both operationally and strategically has set us apart from our competitors as we are able to balance risk against the right solutions.

AAC Inc. is a veteran owned company and was founded in 1983 in Vienna, VA. AAC Inc has 100 total employees at client sites across the U.S. Since 1983, AAC has assisted our customers to transform and modernize their enterprise architecture, processes, applications, and infrastructure, with the focus on Cloud, Cyber, Enterprise IT, Systems Engineering and United Communication Services. Our mission remains to provide innovative and cost-effective technology-based solutions to meet our customer’s mission and business requirements. Our ability to deliver across the full scope of requirements, both operationally and strategically has set us apart from our competitors as we are able to balance risk against the right solutions.

Job Description

We are looking for exceptionally talented and motivated individuals to help us deliver the world’s best cybersecurity compliance services to our customers. TraceSecurity is a cybersecurity service and software provider servicing financial, health care, and other institutions.

The function of a TraceSecurity ISA is to work directly with clients to perform a variety of Information Security services. TraceSecurity will teach the analyst to use a wide variety of tools and techniques, so it is imperative that the candidate possesses a desire to learn in a fast-paced environment. Since a majority of our engagements are performed onsite with the client, this position requires up to 50%-75% travel. Applicants should have 2 or more years’ experience in an IT-related field.

Requirements:

• Effective verbal and written communication skills
• Ability to travel approximately 50%
• Basic understanding of security frameworks, such as ISO 27001, NIST 800-53, HIPAA/HITECH, or PCI DSS
• Fundamental understanding of operating systems, including Windows, Mac, and Linux
• Computer Networking experience
• Systems Administration experience
• Self-driven to continuously develop professionally within the information security space
• Works well within a team environment
• College degree and/or equivalent IT industry training or work experience
• Strong Problem-Solving abilities
• Positive Attitude

Preferred Skills, Experience, and Certifications:

• Security solutions (IDS/IPS, firewalls, SIEM, DLP)
• Security Risk Assessments
• Information Security-related certifications (CISSP, CISA, CEH, Security+, etc)
• Information Technology & Networking-related certifications (MCSA, MCSE, A+, Network+, CCNA, etc)

TraceSecurity is a leading provider of cybersecurity and compliance solutions that help organizations of all sizes reduce the risk of cyber breaches and demonstrate compliance. TraceSecurity offers a comprehensive portfolio of solutions that allow organizations to manage their information security program and supplement it with third-party validation and testing. TraceSecurity’s suite of information security services includes IT risk assessments and audits, social engineering, penetration testing, and security training.

With market experience that spans over 2,000 customers, TraceSecurity offers the insight, products, professional services and partners to support the security and risk management efforts of organizations of all sizes across all industries.

TraceSecurity is a leading provider of cybersecurity and compliance solutions that help organizations of all sizes reduce the risk of cyber breaches and demonstrate compliance. TraceSecurity offers a comprehensive portfolio of solutions that allow organizations to manage their information security program and supplement it with third-party validation and testing. TraceSecurity’s suite of information security services includes IT risk assessments and audits, social engineering, penetration testing, and security training.

With market experience that spans over 2,000 customers, TraceSecurity offers the insight, products, professional services and partners to support the security and risk management efforts of organizations of all sizes across all industries.

Job Description

Imagine One Technology & Management is currently seeking an Information Security Analyst “contingent” on award of the associated work to the Imagine One Team. This position supports the U.S. Navy in Lexington Park, Maryland.

The Information Security Analyst will plan, implement, upgrade, or monitor security measures for the protection of computer networks and information. They may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. They may also respond to computer security breaches and viruses.

Experience Requirements:

• Qualifying candidates must possess ONE of the following required qualifications:

  • Minimum of five (5) years of experience carrying out duties similar to the functions above
  • NAVEDTRA 43350 (Malware)
  • NAVEDTRA 43469 Watchstation 303 - Information Assurance Technician Level III
  • NAVEDTRA 43301-5B LCS Total Shipboard Computing Environment (TSCE)
  • NAVEDTRA 43469 Watchstation 304 - Information Assurance Manager
  • JQR Incident Handling QC Analyst (306)
  • JQR Incident Handling Trends Analyst (305)
  • JQR Information Assurance Vulnerabilities Management (VAAP - Vulnerability Analysis and Assistance Program)
  • Experience in the following areas:
  • Enterprise Mission Assurance Support Service (eMASS)
  • Vulnerability Remediation Asset Manager (VRAM)
  • Navy Risk Management Framework (RMF) SOPs
  • Microsoft Defender for Endpoint (MDE)
  • Continuous Monitoring and Risk Scoring (CMRS)
• Experience with performing STIG implementation
• Experience performing vulnerability assessments with the Assured Compliance Assessment Solution (ACAS) tool
• Experience remediating vulnerability findings to include implementing vendor patches
• Experience reviewing RMF documentation such as system categorization, Security Plan, Implementation Plan, Security Assessment Plan, System Level Continuous Monitoring (SLCM) Plan, System POA&M

Educational Requirements:  

• Qualifying candidates must possess ONE of the following required educational qualifications:

  • Bachelor’s degree
  • CNSSI 4012-Senior Systems Managers/4013-System Administrators/4014 -Information Systems Security Officers (ISSO) /4015-Systems Certifiers/4016-Risk Analysts
  • NDU CIO certificate-Chief Information Officer (CIO)
  • Computer Hacking Forensic Investigator (CHFI)
  • GIAC Reverse Engineering Malware (GREM)
  • CISM
  • GIAC Certified Incident Handler (GCIH)
  • EC-Council Certified Incident Handler (ECIH)
  • GIAC Certified Forensics Analyst (GCFA)
  • CEH
  • CISSP
  • GSEC
  • Licensed Penetration Tester (LPT) *Retired
  • CASP+
  • GSLC
  • CSSLP
  • NEC 741A Information System Security Manager
  • NEC 742A Network Security Vulnerability Technician
  • NEC H10A Basic Cyber Analyst/Operator
  • NETW 4001 Security Plus
  • SSC 6209-Network Operations and Technology
  • Hunt Methodologies Course (HMC)
  • Intermediate Cyber Core (ICC)
  • CYBR2100 Certified Ethical Hacker
  • CYBR2150
  • CYBR3420 Intermediate Cyber Core

Security Requirements:

• Candidates must have U.S. Citizenship

• Candidates must have an ACTIVE DoD Secret Clearance (or higher)

Imagine One Technology & Management, Ltd., offers a full package of benefits and competitive salary, excellent group medical, vision, and dental programs. 401K savings plan; $4K annual tuition reimbursement ($5K if pursuing master’s degree); employee training, development, and education programs; profit sharing; advancement opportunities; and much more!

ISO 9001:2015, ISO 2000-1:2018, ISO 27001:2013
CMMI Development and Services - Maturity Level 3
An Employee-Owned Business

EEO/Veterans/Disabled

*Imagine One “Contingent” offers for employment may stipulate that one or more requirements be satisfied before final commitment between candidate and Imagine One is established; namely, award of contract to the Imagine One Team. Contingent requirements vary and may also include, but not be limited to additional factors (i.e., the position still being available after negotiations with the Government; final approval of your qualifications by the Government; or ability to successfully acquire and/or

Job Description

Personnel Security Analyst

Position Summary:

Position Description:

Personnel Security Analyst

Location:

Hanover, MD or Fort Meade, MD

Work Posture:

On-site (Telework on a situational/ad-hoc basis)

Travel:

Occasional

Deployment:

No

Drug screening:

Yes

Security Clearance:

Citizenship:

TS with SCI preferred

Must be a U.S. Citizen

Education Requirement:

Bachelor’s degree in a related field (or equivalent work experience).

Required Experience

• Minimum of 1-2 years of experience in personnel security, suitability, background investigations, or related compliance work.
• In-depth knowledge mission and specific task knowledge related to any of the following:
  • Knowledge of security clearance policies, guidelines, and adjudication standards (e.g., SEAD 4, National Adjudicative Guidelines).
• Experience using security systems such as DISS, Scattered Castles, NBIS, or similar databases.
• Ability to analyze complex vetting data, identify patterns, and assess security risks.
• Strong report-writing skills and ability to provide recommendations on clearance eligibility.
• Familiarity with insider threat programs and risk mitigation strategies.

Salary:

Commensurate with experience

Responsibilities:

SANCORP is seeking a Personnel Security Analyst in support of Personnel Security Support Services within the Defense Counterintelligence and Security Agency. The following are examples of responsibilities:

• Conduct in-depth analysis of continuous vetting alerts and adjudicative cases.
• Assess risk factors based on financial, criminal, foreign influence, and other security concerns.
• Draft detailed risk assessments and security recommendations for senior leadership.
• Work closely with government security officers and investigators to resolve personnel security issues.
• Maintain compliance with security regulations and contribute to process improvements.

Sancorp Consulting LLC shall, in its discretion, modify or adjust the position to meet Sancorp’s changing needs. This job description is not a contract and may be adjusted as deemed appropriate at Sancorp’s sole discretion.

Sancorp Consulting, LLC, is an SDVOSB and SBA 8(a) company seeking highly motivated and qualified professionals and offer an attractive salary and benefits package that includes: Medical, Dental, life and Disability Insurance; 401K, and holidays to ensure the highest quality of life for our employees. Please visit our website for more information at

Sancorp Consulting, LLC is an equal opportunity employer. At Sancorp Consulting, LLC we are committed to providing equal employment opportunities (EEO) to all employees and applicants without regard to race color, religion, sex, national origin, age, disability, or any other protected characteristic as defined by applicable law. We strive to create an inclusive and diverse workplace where everyone feels valued, respected, and supported.

Job Description

Who is Saliense?

Saliense is a growing Management and Technology Consulting Solutions provider based out of Mclean, VA. We work to solve our client’s toughest challenges within the Defense, Civilian, Financial, and Healthcare industries. Our diverse employees support vital missions for government and commercial customers. For more information, visit

Why Saliense?

In addition to providing a fun, energetic environment that promotes innovation and personal growth, we offer excellent compensation packages with plenty of opportunities for advancement. We pay 100% of the premiums for employee Healthcare, including medical, dental, and vision. We offer a 401K match, and all company contributions are 100% vested immediately. Since we believe in work-life balance so much, we offer 20 days of paid leave per year. Use it as you need it or use it all at once and go travel for a month! We are proud to offer parental leave.

There are many more - connect with us to get a preview of the full benefits package.

Saliense has a new opportunity for an Information Security Analyst to support the U.S. Marshals in Arlington, VA.

This is a hybrid position that requires 2 days onsite every other week in Arlington, VA.

Information Security Analyst must have experience (i.e., a minimum of one (1) year) within federal information systems security policy and implementation. At a minimum, a core set of knowledge of federal information system security policy, industry best practices, security control assessments, Plan of Action and Milestones (POA&M) management, system authorizations, configuration management, and system analysis.

Responsibilities:

• Develop and execute test plans of the OMB Circular A-123 internal control assessments.

• Develop and execute test plans of the FISMA internal control assessments.

• Determine, gather, examine, and analyze artifacts related to OMB Circular A-123 security control assessments and remediation verification.

• Determine, gather, examine, and analyze artifacts related to FISMA security control assessments and remediation verification.

• Document all assessment activities and results in sufficient detail to enable external review of all assessment processes, activities, results, and conclusions.

• Provide recommendations and guidance for corrective action of all non-compliant security controls.

• Provide security expertise to ensure security controls are implemented and the resulting documentation and artifacts are current.

• Provide support for verifying compliance with the Federal Information System Modernization Action (FISMA) as part of both internal and external control assessments/audits across all accredited agency information technology systems.

• Provides technical evaluations of customer systems and assists with making security improvements.

• Conducts security product evaluations, and recommends products, technologies, and upgrades to improve the customer’s security posture.

Required Experience:

• Must have a minimum of one (1) year of federal information systems security experience.

• Minimum Educational Requirements: BS/BA in Computer Science, Information Systems, Engineering, Business, Physical Science, or other technology-related discipline.

***Saliense Consulting LLC provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall,

Job Description

Role: Junior Information Security Analyst (Non-Exempt)

Location: New York City (Downtown Financial District)

Purpose of Role:

The Junior Information Security Analyst plays a critical role in supporting the organization's information security and risk management initiatives. This position is designed to assist in safeguarding sensitive information and ensuring compliance with relevant cybersecurity regulations and standards. By conducting assessments, managing third-party risks, and participating in training and policy development, the Junior Analyst contributes to the overall security posture of the organization. This role fosters a culture of awareness and vigilance against potential threats.

Major Responsibilities:

• Manage and respond to confirmation requests from financial institutions, ensuring timely and accurate communication.
• Assist in conducting IT/IS Risk Assessments and Internal Audits.
• Support the review, revision, compilation, and maintenance of Information Security (IS) policies and procedures, including documentation for the Information Security Steering Committee (ISSC) and sections for Management Information System (MIS) reports.
• Assist in managing third-party information security risks by participating in vendor evaluations and software assessments.
• Develop a foundational understanding of relevant Cybersecurity regulations and standards, such as NYDFS Part 500, FFIEC, and NIST.
• Participate in cybersecurity awareness training sessions for general users, providing support for uploads and addressing questions or issues.
• Assist in drafting, reviewing, and revising IS policies and procedures.
• Contribute to vendor reviews and evaluations, including partnerships such as Equinix.
• Assist in confirming ownership of official email accounts and report findings regarding local

Job Description

POSITION SUMMARY

The IT Security Analyst plays a key role in safeguarding the organization's digital assets and ensuring information systems' confidentiality, integrity, and availability. In addition to monitoring, analyzing, and responding to security incidents and threats, the position oversees access control measures and manages permissions for the organization's corporate domain and applications. Collaborating with cross-functional teams, the IT Security Analyst assesses risks, implements security controls, and ensures compliance with industry standards and regulations.

ESSENTIAL ROLES AND RESPONSIBILITIES

• User