We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
New
Nationwide IT Services jobs

Information Security Analyst, Information Assurance / RMF

Nationwide IT Services
vision insurance, paid holidays, 401(k)
United States, Virginia, Alexandria
Jan 15, 2026
Information Security Analyst, Information Assurance/RMF
Active Secret Required
Hybrid schedule
CISSP, CAP, or CISM certification required

Nationwide IT Services, NIS, is seeking an Information Security Analyst/Information Assurance/RMF for the following potential opportunity.

Core Responsibilities:
  • Support the execution of the full cybersecurity and RMF lifecycle for DoD and Federal systems, with emphasis on security control implementation, assessment, authorization, and continuous monitoring activities.
  • Perform vulnerability scanning and compliance validation, including, but not limited to, ACAS scanning, STIG assessments, SCAP validation, and configuration compliance checks.
  • Analyze vulnerability scan results, identify false positives, assess risk severity, and support remediation planning in coordination with engineering and operations teams.
  • Track, document, and manage remediation activities and Plans of Action and Milestones (POA&Ms) through closure, ensuring alignment with mandated timelines and risk tolerance.
  • Support RMF authorization activities, including initial ATOs, ATO renewals, significant change packages, and continuous authorization (cATO) efforts.
  • Support and execute Information Security Continuous Monitoring (ISCM) activities, including vulnerability trend analysis, control effectiveness validation, configuration drift monitoring, and security posture reporting.
  • Support the implementation and monitoring of Zero Trust security principles at a system level, including identity awareness, least privilege access, and continuous validation of users, devices, and workloads.
  • Prepare, review, and maintain cybersecurity and authorization artifacts in eMASS, including, but not limited to:
    • System Security Plans (SSPs)
    • Security Assessment Reports (SARs)
    • Plans of Action and Milestones (POA&Ms)
    • Control implementation narratives and supporting evidence packages
  • Conduct security control assessments and support independent verification and validation activities.
  • Assist with the implementation and maintenance of security controls aligned with NIST SP 800-53 and DoD cybersecurity requirements.
  • Coordinate with system owners, cybersecurity engineers, and program leadership to communicate security findings, risks, and remediation status.
  • Support cybersecurity audits, inspections, and Cyber Operational Readiness Assessments (CORA), ensuring accurate documentation and evidence traceability.
  • Assist in maintaining compliance with applicable cybersecurity policies, including FISMA, DoD RMF, DoD Zero Trust guidance, and the DoD Cloud Computing Security Requirements Guide (CC SRG).
Qualifications:
  • Active Secret clearance required.
  • Five or more years of experience in information security, information assurance, or cybersecurity operations, with experience supporting RMF-based programs.
  • Hands-on experience performing vulnerability scanning and compliance assessments using tools such as ACAS, STIG Viewer, and SCAP Compliance Checker.
  • Experience supporting RMF documentation and authorization packages, including SSPs, SARs, and POA&Ms.
  • Working knowledge of NIST SP 800-53, NIST RMF, and DoD cybersecurity policies.
  • Experience using eMASS to support RMF lifecycle activities and track authorization artifacts.
  • Familiarity with cloud security concepts and environments such as AWS GovCloud or Microsoft Azure Government.
  • One or more cybersecurity certifications required, including CISSP, CCSP, CISM, and CASP+ ( Renamed SecurityX)
Preferred Qualification:
  • Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or a related field.

About Nationwide IT Services
NIS is an IT and Management consulting company that is a CVE-verified Service-Disabled Veteran- Owned Small Business. Our mission is to deliver value-added services to our customers, leveraging technology, people, and industry best practices to implement innovative solutions through our trusted employees and team members.

Our benefits package includes medical, dental, and vision insurance, life and disability insurance, 401(k) plan with employer match, paid holidays, PTO (sick/vacation), commuter benefits, employee assistance program (EAP), and educational reimbursement, along with Pet Insurance.

Nationwide IT Services, Inc. provides equal employment opportunities (EEO) to all qualified applicants regardless of race, color, religion, sex, national origin, sexual orientation, gender identity, genetics, disability, or protected veteran status. for the following potential opportunity.

Core Responsibilities:
  • Support the execution of the full cybersecurity and RMF lifecycle for DoD and Federal systems, with emphasis on security control implementation, assessment, authorization, and continuous monitoring activities.
  • Perform vulnerability scanning and compliance validation, including, but not limited to, ACAS scanning, STIG assessments, SCAP validation, and configuration compliance checks.
  • Analyze vulnerability scan results, identify false positives, assess risk severity, and support remediation planning in coordination with engineering and operations teams.
  • Track, document, and manage remediation activities and Plans of Action and Milestones (POA&Ms) through closure, ensuring alignment with mandated timelines and risk tolerance.
  • Support RMF authorization activities, including initial ATOs, ATO renewals, significant change packages, and continuous authorization (cATO) efforts.
  • Support and execute Information Security Continuous Monitoring (ISCM) activities, including vulnerability trend analysis, control effectiveness validation, configuration drift monitoring, and security posture reporting.
  • Support the implementation and monitoring of Zero Trust security principles at a system level, including identity awareness, least privilege access, and continuous validation of users, devices, and workloads.
  • Prepare, review, and maintain cybersecurity and authorization artifacts in eMASS, including, but not limited to:
    • System Security Plans (SSPs)
    • Security Assessment Reports (SARs)
    • Plans of Action and Milestones (POA&Ms)
    • Control implementation narratives and supporting evidence packages
  • Conduct security control assessments and support independent verification and validation activities.
  • Assist with the implementation and maintenance of security controls aligned with NIST SP 800-53 and DoD cybersecurity requirements.
  • Coordinate with system owners, cybersecurity engineers, and program leadership to communicate security findings, risks, and remediation status.
  • Support cybersecurity audits, inspections, and Cyber Operational Readiness Assessments (CORA), ensuring accurate documentation and evidence traceability.
  • Assist in maintaining compliance with applicable cybersecurity policies, including FISMA, DoD RMF, DoD Zero Trust guidance, and the DoD Cloud Computing Security Requirements Guide (CC SRG).
Qualifications:
  • Active Secret clearance required.
  • Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or a related field.
  • Five or more years of experience in information security, information assurance, or cybersecurity operations, with experience supporting RMF-based programs.
  • Hands-on experience performing vulnerability scanning and compliance assessments using tools such as ACAS, STIG Viewer, and SCAP Compliance Checker.
  • Experience supporting RMF documentation and authorization packages, including SSPs, SARs, and POA&Ms.
  • Working knowledge of NIST SP 800-53, NIST RMF, and DoD cybersecurity policies.
  • Experience using eMASS to support RMF lifecycle activities and track authorization artifacts.
  • Familiarity with cloud security concepts and environments such as AWS GovCloud or Microsoft Azure Government.
  • One or more cybersecurity certifications required, including CISSP, CCSP, CISM, and CASP+ ( Renamed SecurityX)

About Nationwide IT Services
NIS is an IT and Management consulting company that is a CVE-verified Service-Disabled Veteran- Owned Small Business. Our mission is to deliver value-added services to our customers, leveraging technology, people, and industry best practices to implement innovative solutions through our trusted employees and team members.

Our benefits package includes medical, dental, and vision insurance, life and disability insurance, 401(k) plan with employer match, paid holidays, PTO (sick/vacation), commuter benefits, employee assistance program (EAP), and educational reimbursement, along with Pet Insurance.

Nationwide IT Services, Inc. provides equal employment opportunities (EEO) to all qualified applicants regardless of race, color, religion, sex, national origin, sexual orientation, gender identity, genetics, disability, or protected veteran status.
Applied = 0
MORE JOBS LIKE THIS

(web-df9ddb7dc-zsbmm)