Information Security Analyst

Description
At Cryptic Vector, we are dedicated to mission success. We take the time to understand our customers' needs, delivering products that perform when our nation needs them most. We understand that properly supporting the most unique missions of the United States government requires the nation’s best. Our focus is on creating a culture where the best and brightest want to grow, learn, and stay. If producing out-of-the-box solutions is your specialty, then you’ll feel right at home at Cryptic Vector. We are solving the country’s most unique problems in an environment where problem solvers and hard workers thrive. We've replaced corporate red tape with transparency and servant leadership. Honestly, it’s hard not to love this culture!
Information Security Analyst
(Classified Systems)
The
Information Security Analyst
(Classified Systems) will support compliance, auditing, and documentation activities for classified information systems. In this role, you will serve as the Information System Security Officer (ISSO) for assigned systems, focusing on the full Risk Management Framework (RMF) lifecycle — including security control assessments, continuous monitoring, and system authorization (ATO) maintenance. You will work closely with system owners, engineers, and the Information System Security Manager (ISSM) to keep classified systems compliant and mission ready.
You will have the opportunity to play a meaningful role in protecting high-stakes classified environments by ensuring robust security posture, driving compliance excellence, and directly supporting critical national security missions.
Responsibilities

• Act as ISSO for classified systems, supporting the RMF lifecycle, including:

• Security control assessments
• System authorization (ATO) maintenance
• Continuous monitoring and reporting

• Manage and maintain RMF documentation in eMASS or manually (based on customer requirements), including:

• System Security Plans (SSP)
• Security Control Traceability Matrices (SCTM)
• Risk Assessment Reports (RAR)
• Plans of Action & Milestones (POA&M)

• Conduct and document vulnerability assessments using tools such as:

• SCAP Compliance Checker
• STIG Viewer

• Perform audits and reviews to verify compliance with applicable security controls and standards, including:

• NIST SP 800-53
• JSIG/DISA guidance (as applicable)
• DCSA requirements

• Maintain asset inventory and configuration documentation for classified systems
• Track findings and coordinate remediation with system owners, system admins, and ISSM
• Support inspections, audits, and government assessments for classified systems
• Stay current on RMF guidance, cybersecurity standards, and government training requirements (e.g., DCSA CBTs)

Requirements

• 2–5+ years of experience supporting classified information systems or RMF compliance activities
• Active Top Secret Clearance with SCI eligibility. A Polygraph is not required to be eligible for this position. However, the applicant must be willing and eligible for submission, depending on program requirements, after an offer is accepted and must be able to maintain the applicable clearance/access.
• DoD 8140-compliant or equivalent legacy 8570 certifications (e.g. Sec+, CISSP)
• Hands-on experience with RMF documentation and compliance tools, such as eMASS,[ STIG Viewer, SCAP
• Knowledge of[ NIST SP 800-53 controls, security control implementation, and auditing[ practices
• Familiarity[ with classified environments and government security processes
• Strong[ attention to detail and ability to manage compliance documentation[ accurately
• Completion of[ applicable DCSA training for classified RMF and system authorization[ within 90 days of hire

Preferred Skills

• Experience with hardening various OSs (Windows and Linux)
• Prior experience performing ISSO or compliance responsibilities in a government or contractor environment
• Experience with centralized logging systems (e.g. Graylog)
• Experience with vulnerability scanners (Wazuh)
• Understanding of JSIG/DCSA requirements

Benefits & Perks
*As an Employee First company, we offer a comprehensive and competitive total rewards package:*

• 100% Company-paid medical insurance for employees
• 100% Company-paid dental and vision insurance
• Competitive salary and bonus
• 25% 401k company contribution
• Generous PTO, parental leave, bereavement leave, and volunteer time
• Flexible work hours
• Tuition reimbursement, training allowance, internal mobility opportunities
• Free beverages and snacks, Donut Fridays, monthly social events

*This role requires use of technical data subject to U.S. Government contract restrictions; therefore, this posting is only for U.S. Citizens.*
*Cryptic Vector is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.*