Systems Security Analyst

Harmonia Holdings Group, LLC•Washington, DC

11h•Hybrid

About The Position

Harmonia is seeking a Systems Security Analyst aligned to the National Initiative for Cybersecurity Education (NICE) Framework (Operate and Maintain) to support Federal government cybersecurity programs. The Systems Security Analyst is responsible for the analysis, integration, testing, operations, and maintenance of system security controls and provides expert-level guidance for Authorization and Accreditation (A&A) activities, including all phases of the NIST Risk Management Framework (RMF). This role requires advanced cybersecurity expertise and demonstrated experience supporting Federal A&A and RMF activities, including cloud-based systems.

Requirements

Advanced capability level consistent with the NICE OM-ANA-001 work role, with demonstrated abilities, knowledge, and skills to perform all core tasks.
Demonstrated experience planning, conducting, and overseeing A&A activities for the Federal government.
Certified Information Systems Security Professional (CISSP) certification (required).
Demonstrated, recent experience performing A&A activities for cloud-based solutions.
Demonstrated knowledge and expertise in the NIST Risk Management Framework (RMF) and Federal cybersecurity policy, standards, and guidelines.
Bachelor’s degree from an accredited college or university.

Nice To Haves

Significant recent experience supporting Federal A&A and RMF activities.
Additional relevant cybersecurity certifications.
Demonstrated, recent experience performing A&A activities for cloud-native and emerging technologies, such as artificial intelligence, robotic process automation, or similar technologies.
Master’s degree or higher, and/or a degree in cybersecurity, information technology, or a related field.

Responsibilities

Analyze, develop, integrate, test, operate, and maintain security controls for Federal information systems.
Provide expert-level support for Authorization and Accreditation (A&A) activities across all RMF steps.
Plan, conduct, and oversee RMF activities, including system categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
Perform and support A&A activities for cloud-based solutions, ensuring compliance with Federal cybersecurity requirements.
Support A&A activities for cloud-native and emerging technologies, as applicable.
Ensure alignment with Federal cybersecurity policies, standards, and guidelines.
Develop, review, and maintain RMF and A&A documentation, including SSPs, SARs, POA&Ms, and authorization packages.
Collaborate with system owners, engineers, and stakeholders to identify and remediate security risks and vulnerabilities.
Provide clear communication of cybersecurity risks and compliance status to both technical and non-technical audiences.