IA EngineerSecurity Analyst IISCA DOJ

Washington, AR - USA

Monthly Salary: Not Disclosed

Posted on: 24-10-2025

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks an Information Assurance/Security Analyst II/SCA to join our program supporting the Department of Justice (DOJ). This position is fully remote. The position requires a Public Trustclearance.

Qualifications:

Bachelors degree in Information Technology Computer Science or other related fields
Active Public Trust clearance
Must be familiar with the Risk Management Framework (RMF) and the NIST 800-53 Rev 5 controls.
Must have experience using CSAM or other RMF approved system of record.
Conduct an in-depth assessment of the management operations and technical security controls.
Analyze information and prepare reports describing the vulnerability level of the network with specific details as to what compromises data systems.
2 years of experience and hold the AWS Certified Cloud Practitioner certification and or one of the following certifications: CompTIA Security certification Certified Ethical Hacker (CEH) CompTIA Advanced Security Practitioner (CASP or CASP) Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP).

Duties:

Conduct in-depth assessments of management operational and technical security controls within the organizations IT environment.
Evaluate systems in both on-premise and cloud-based infrastructures including Amazon Web Services (AWS) platforms.
Use tools such as CSAM (Cyber Security Assessment and Management) or other RMF-approved systems of record for documentation and reporting.
Apply the Risk Management Framework (RMF) in all assessment activities.
Ensure compliance with NIST 800-53 Revision 5 controls assessing systems against federal standards for confidentiality integrity and availability.
Develop and maintain plans of action and milestones (POA&Ms) to address identified security gaps.
Analyze collected data to prepare comprehensive vulnerability assessment reports outlining the level of risk and potential system compromise.
Provide specific recommendations and remediation steps for discovered vulnerabilities.
Create documentation plans to track corrective actions and maintain continuous monitoring.
Engage in ongoing security monitoring to ensure that previously identified vulnerabilities are resolved and that new threats are promptly detected.
Support continuous compliance with federal information assurance standards and agency-specific policies.
Work independently and as part of a team to assess systems communicate findings and coordinate with system owners and other stakeholders.
Present results and recommendations in written and oral formats that can be understood by both technical and non-technical audiences.

Required Experience:

Senior IC

Bachelors degree in Information Technology Computer Science or other related fields
Active Public Trust clearance
Must be familiar with the Risk Management Framework (RMF) and the NIST 800-53 Rev 5 controls.
Must have experience using CSAM or other RMF approved system of record.
Conduct an in-depth assessment of the management operations and technical security controls.
Analyze information and prepare reports describing the vulnerability level of the network with specific details as to what compromises data systems.
2 years of experience and hold the AWS Certified Cloud Practitioner certification and or one of the following certifications: CompTIA Security certification Certified Ethical Hacker (CEH) CompTIA Advanced Security Practitioner (CASP or CASP) Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP).

Duties:

Conduct in-depth assessments of management operational and technical security controls within the organizations IT environment.
Evaluate systems in both on-premise and cloud-based infrastructures including Amazon Web Services (AWS) platforms.
Use tools such as CSAM (Cyber Security Assessment and Management) or other RMF-approved systems of record for documentation and reporting.
Apply the Risk Management Framework (RMF) in all assessment activities.
Ensure compliance with NIST 800-53 Revision 5 controls assessing systems against federal standards for confidentiality integrity and availability.
Develop and maintain plans of action and milestones (POA&Ms) to address identified security gaps.
Analyze collected data to prepare comprehensive vulnerability assessment reports outlining the level of risk and potential system compromise.
Provide specific recommendations and remediation steps for discovered vulnerabilities.
Create documentation plans to track corrective actions and maintain continuous monitoring.
Engage in ongoing security monitoring to ensure that previously identified vulnerabilities are resolved and that new threats are promptly detected.
Support continuous compliance with federal information assurance standards and agency-specific policies.
Work independently and as part of a team to assess systems communicate findings and coordinate with system owners and other stakeholders.
Present results and recommendations in written and oral formats that can be understood by both technical and non-technical audiences.