Cyber Analyst

Peraton is looking to hire a Cyber Analyst in the Washington DC Metro area.  This role will be a remote position.  At times the role will also require travel to the Quantico client site when necessary.

What you'll do:

• Lead and execute RMF compliance activities in accordance with DoD and NIST requirements, supporting system accreditation and ATO efforts.
• Conduct STIG and SRG assessments across Windows, Linux, database, cloud, and application environments using tools such as SCC and STIG Viewer.
• Manage STIG matrices, Security Configuration Guides (SCGs), and compliance documentation.
• Analyze vulnerability scan results, develop and maintain POA&Ms, and track remediation activities to closure.
• Perform static and dynamic application security testing and source code analysis using tools such as Checkmarx, SonarQube, Burp Suite, and X-Ray.
• Investigate, prioritize, and resolve security findings identified through vulnerability scans, assessments, and continuous monitoring activities.
• Collaborate with engineering, operations, and development teams to implement effective security controls and remediation strategies.
• Create, maintain, and manage cybersecurity artifacts, including SSPs, POA&Ms, and supporting documentation within eMASS.
• Support cybersecurity audits, inspections, security assessments, and compliance reviews.
• Ensure adherence to cybersecurity best practices, DoD requirements, and evolving security standards throughout the system lifecycle.
• Contribute to security governance, continuous monitoring, and continuous improvement initiatives within an Agile/DevSecOps environment.
• Communicate effectively with technical and non-technical stakeholders to support mission and compliance objectives.

What you'll need:

• Education: 8 years with a BS/BA, 6 years with a MS/MA or 12 years of experience in lieu of a degree
• Proven experience in cybersecurity roles such as Cybersecurity Analyst, Cybersecurity Engineer, ISSO, ISSM, or related positions.
• Strong knowledge of the DoD Risk Management Framework (RMF), NIST 800-53 controls, STIGs, SRGs, and system accreditation processes.
• Experience supporting Authority to Operate (ATO) efforts, including development and management of RMF artifacts.
• Hands-on experience with STIG assessments, ACAS vulnerability scanning and reporting, POA&M management, SSP development, PPSM, CONOPS, and eMASS.
• Working knowledge of AWS and cloud computing environments.
• Certifications:  One or more of the following certifications: CISSP (preferred), CASP+, Security+, CEH, CISA, SSCP, or GSEC.
• Clearance: Active Secret
• The candidate must be local to the Washington DC Metro area