Cybersecurity Analyst/Engineer

Cybersecurity Analyst/Engineer

Location: Arlington VA

Job Status: Full time
Clearance Required: Active DoD TS/SCI

Astrion is seeking a Cybersecurity Analyst/Engineer to join our prime contract STS-3 supporting Headquarters Space Force S6 (SF/S6) in Arlington VA. This position supports the Authorizing Official (AO) as a Security Control Assessor Representative (SCAR) with independent assessments and technical analysis across the Enterprise. The work spans early prototype efforts through programs of record preparing for milestone decisions and operational fielding ensuring the secure operations of enterprise networks, mission-critical systems, and sensitive data across the Authorizing Official's multiple enclaves.

You will play a hands-on role in Cybersecurity Analysis, Engineering, and Risk Management Framework (RMF) compliance, driving mission assurance for some of the nation's most important space systems.

REQUIRED QUALIFICATIONS / SKILLS

• 10+ years of cybersecurity experience supporting USSF, DoD, or related federal organizations.
• MA or MS degree
• Active DoD TS/SCI clearance (with current investigation).
• CompTIA Security+ or equivalent DoD 8570/8140 IAT/IAM certification.
• Hands-on experience with eMASS.
• Hands-on experience with eMASS and/or XACTA

PREFERRED QUALIFICATIONS / SKILLS 

• Experience supporting Authorizing Officials, SCAs, or executing enterprise-level cyber governance and Risk Management Framework (RMF) protocols.
• Senior-level cybersecurity certifications or equivalents (e.g. CISSP, CAP, CCSP, GSLC, GIAC).
• Knowledge of FedRAMP, FISMA, Clinger-Cohen Act, ITAR, PPP, SCRM, and other related requirements.
• Strong organizational, interpersonal, and communication skills with attention to detail.
• Advanced skills in Microsoft Word, Excel, PowerPoint, and Outlook.

RESPONSIBILITIES

• Perform in-depth evaluations of system cybersecurity architecture, including cloud-native services, hybrid infrastructures, identity solutions, Zero Trust components, and enterprise boundary implementations.
• Lead or contribute to comprehensive technical assessments, ST&E activities, and focused reassessments, ensuring findings and system insights are well-documented and aligned with mission requirements.
• Develop clear, well-supported security assessment results and risk statements that accurately reflect system posture and support AO decision-making.
• Analyze vulnerability data, operational context, and engineering considerations to identify meaningful risks, recommended mitigations, and residual risk impacts across complex systems.
• Review and interpret Program Protection Plans (PPP), Supply Chain Risk Management (SCRM) documentation, and Clinger–Cohen Act (CCA) artifacts for cybersecurity relevance and lifecycle completeness.
• Assess cybersecurity integration throughout the engineering lifecycle, including readiness for PDR, CDR, TRR, DT/OT events, and system evolution toward fielding or sustainment.
• Participate in cloud, architecture, and engineering discussions to evaluate system design, security control implementation, and alignment with enterprise cybersecurity patterns.
• Support preparation for milestone decisions (A/B/C) by evaluating system cybersecurity maturity, documentation quality, and alignment with acquisition and RMF expectations.
• Contribute assessment insights and risk observations to SF/S6 governance reviews, enterprise dashboards, and portfolio-level evaluations.
• Provide senior technical input during continuous monitoring reviews, including updates to boundary definitions, inheritance relationships, and assessment documentation.
• Review RMF documentation (SSP, SAR, SAP, POA&M) for coherence, accuracy, and traceability across system artifacts.
• Participate in cross-program analysis to identify structural or systemic cybersecurity themes, risk patterns, and opportunities for improvement.
• Assist programs pursuing ATO renewals or preparing for major engineering or acquisition events by reviewing maturity indicators, evidence completeness, and cybersecurity integration.
• Offer experienced guidance during technical assessment sessions, including interactive evidence reviews, configuration demonstrations, and interpretation of control implementations.
• Provide mentorship, knowledge sharing, and technical support to other assessors, ISSOs, engineers, and program staff to promote consistency and quality across assessments.
• Support annual security review activities, reassessment cycles, and RMF Step 6 continuous monitoring requirements by validating control updates and documenting system posture changes.
• Contribute to enterprise reporting inputs, including FISMA metrics, DoD CIO scorecard data, and cybersecurity posture summaries, with attention to clarity and technical accuracy.
• Engage in working groups, technical exchanges, and assessment teams to ensure alignment between system cybersecurity posture, enterprise architecture, and USSF governance requirements.